CVE-2022-2185 Information

Description

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5 15.0 prior to 15.0.4 and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature.

Reference

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json https://hackerone.com/reports/1609965 https://gitlab.com/gitlab-org/gitlab/-/issues/366088