{"vulnerability": "cve-2022-2884", "sightings": [{"uuid": "bf58fe4c-171b-4bd9-8ca2-a4b688891bf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2884", "type": "exploited", "source": "https://www.exploit-db.com/exploits/51181", "content": "", "creation_timestamp": "2023-04-01T00:00:00.000000Z"}, {"uuid": "b5179322-ae87-494d-aa56-8b23b4b5bd34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2884", "type": "seen", "source": "https://t.me/YAH_Channel/967", "content": "Let's talk about exposed GitLab\nAs practice shows, at a large number of companies you can quite often find a GitLab instance exposed to the public. And not only GitLab...\n\nIt is convenient for the business, especially when there are lots of contractors. A comfortable interface, webhooks, CI widgets, everything works out of the box. The problem is that this same interface is the first thing automated scanners like Shodan and Censys find. From there the chain looks predictable.\n\nHow the compromise happens\n1. Version identification\nNewer releases hide it, but it is usually available on the help page. GitLab reveals which patch was installed last. If the version is outdated, the list of public CVEs is already waiting.\n2. Remote Code Execution\nFor critical vulnerabilities (CVE-2025-1257, CVE-2022-2884, etc.) playbook scripts have long existed. Time from grabbing the banner to a shell: minutes.\n3. Access to repositories and Runner secrets\nA successful RCE exposes secrets in gitlab variables, CI tokens, deploy keys, and not infrequently developers' private keys in artifacts.\n4. Spreading inside the network\nUsing CI/CD tokens, the attacker deploys a backdoor in the pipelines, gets access to the production server, and then runs an encryption script or quietly swaps out code.\n5. Supply-chain effect\nChanges in the repositories propagate to customers, partners and end users; the damage goes beyond a single organization.\n\nWhy the risk is underestimated\n- GitLab is perceived as a second Jira. For some reason many forget that inside it there is often infrastructure code, Kubernetes access, Ansible playbooks and cloud tokens.\n- The service is updated rarely: a major version requires testing, runners and sometimes downtime. Patches get postponed.\n- \"So what, GitLab has built-in authorization\": yes, but without MFA and a VPN it comes down to password brute-forcing or phishing.\n\nWhat to do\n1. Hide GitLab behind a VPN; at a minimum, a reverse proxy with IP address restrictions\n2. Protect tokens: secret rotation; keep deploy keys outside the repository\n3. Limit the consequences. An isolated gitlab-backup backup; regular restore tests on a staging host.", "creation_timestamp": "2025-07-15T17:19:41.000000Z"}, {"uuid": "e8a7a8d4-91da-42b6-85a1-c48ba230de12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2884", "type": "seen", "source": "https://t.me/codeby_sec/6456", "content": "\ud83e\udd8a A vulnerability in GitLab allowed remote code execution on the device\n\nGitLab has released a fix for the RCE vulnerability CVE-2022-2884, which received a score of 9.9 out of 10 on the CVSS scale. The vulnerability allowed an authenticated hacker to remotely execute code on the device via the GitLab Import API.\n\nThe vulnerability in GitLab Community/Enterprise Edition affects all versions from 11.3.4 to 15.1.5, all versions from 15.2 to 15.2.3, and versions from 15.3 to 15.3.1. There is no information yet about CVE-2022-2884 being used in real-world attacks.\n\nGitLab recommends that users install the update promptly. For those who cannot update, an alternative was provided: disable the GitLab import function on the \"Visibility and access control\" tab in the \"Settings\" menu after authenticating as an administrator.\n\n\ud83d\uddde Codeby Blog\n\n#news #gitlab #vulnerability", "creation_timestamp": "2022-08-24T11:17:10.000000Z"}, {"uuid": "48ca203e-fb08-4367-87c7-11bea9cf0579", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2884", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16312", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2884\n\ud83d\udd25 CVSS Score: 9.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API 
endpoint\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T14:24:19.300Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/371098\n2. https://hackerone.com/reports/1672388\n3. https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json\n4. http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.html", "creation_timestamp": "2025-05-14T14:31:57.000000Z"}, {"uuid": "9b5bb1a4-a636-411b-96d3-3febe05004e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2884", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/17224", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2884\n\ud83d\udd25 CVSS Score: 9.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T14:24:19.300Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/371098\n2. https://hackerone.com/reports/1672388\n3. https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json\n4. http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.html", "creation_timestamp": "2025-05-14T16:17:59.000000Z"}, {"uuid": "ced64786-d2b7-4eae-bcc2-3dc7604ef134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2884", "type": "seen", "source": "https://t.me/habr_com_news/9214", "content": "An RCE vulnerability was discovered in GitLab that allows remote code execution on the device\n\nGitLab has released a fix for the critical RCE vulnerability CVE-2022-2884 (CVSS 9.9), which allows an authenticated hacker to remotely execute code on the device via the GitLab Import API. The vulnerability affects GitLab Community Edition (CE) and Enterprise Edition (EE) releases.\n\n#cybersecurity", "creation_timestamp": "2022-08-24T08:56:15.000000Z"}, {"uuid": "ca041eea-db93-4d9e-9ef6-f856ff98a99b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28846", "type": "seen", "source": "https://t.me/cibsecurity/44560", "content": "\u203c CVE-2022-28846 \u203c\n\nAdobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-16T00:19:33.000000Z"}, {"uuid": "d1c192cc-e743-4c50-92ec-65bf80eff6d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28847", "type": "seen", "source": "https://t.me/cibsecurity/44570", "content": "\u203c CVE-2022-28847 \u203c\n\nAdobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-16T00:19:45.000000Z"}, {"uuid": "870e85d1-8805-4a1f-9629-7916dca3b1a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2884", "type": "seen", "source": "https://t.me/ctinow/59914", "content": "Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)\n\nhttps://ift.tt/HGuQELv", "creation_timestamp": "2022-08-24T12:56:29.000000Z"}, {"uuid": "710c54b0-37e2-43e0-9438-eb679b670b12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2884", "type": "seen", "source": "https://t.me/true_secator/3331", "content": "For the DevOps platform GitLab, which almost every programmer knows and uses in their work, fixes were released this week for a critical vulnerability that can lead to arbitrary code execution.\n\nThe bug, tracked as CVE-2022-2884, has a CVSS rating of 9.9 and affects all versions of GitLab Community Edition (CE) and Enterprise Edition (EE) from 11.3.4 to 15.1.5, 15.2 to 15.2.3 and 15.3 to 15.3.1.\n\nIn essence, the discovered security flaw is a case of authenticated remote code execution, i.e. an attacker who has passed authentication can trigger the vulnerability via the GitHub import API.\n\nThe vulnerability became known from the specialists yvvdwf, who reported the problem under the Bug bounty program.\n\nThe GitLab team strongly recommends that users update to the latest version as soon as possible.\n\nIt is still unclear whether this vulnerability is being used in real-world attacks, but for those who for some reason cannot update the software, GitLab recommends disabling the GitHub import function.", "creation_timestamp": "2022-08-24T16:36:02.000000Z"}, {"uuid": "843c26df-9f18-499e-ad16-dd73ff739188", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28840", "type": "seen", "source": "https://t.me/cibsecurity/44567", "content": "\u203c CVE-2022-28840 \u203c\n\nAdobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-16T00:19:40.000000Z"}, {"uuid": "2c56fe6f-2397-41ca-bb82-5c65e636ec21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28849", "type": "seen", "source": "https://t.me/cibsecurity/44565", "content": "\u203c CVE-2022-28849 \u203c\n\nAdobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-16T00:19:38.000000Z"}, {"uuid": "0abdc188-c18b-4c39-a9f8-ec037cca5d2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2884", "type": "seen", "source": "https://t.me/information_security_channel/48290", "content": "GitLab Patches Critical Remote Code Execution Vulnerability\nhttps://www.securityweek.com/gitlab-patches-critical-remote-code-execution-vulnerability\n\nDevOps platform GitLab has issued patches for a critical remote code execution vulnerability impacting its GitLab Community Edition (CE) and Enterprise Edition (EE) releases.\nTracked as CVE-2022-2884 (CVSS 9.9/10 severity), the security flaw can be exploited via the GitHub import API, but requires authentication to be triggered.\nread more (https://www.securityweek.com/gitlab-patches-critical-remote-code-execution-vulnerability)", "creation_timestamp": "2022-08-23T21:14:03.000000Z"}, {"uuid": "7c6a4d76-cfe8-477c-8890-f66392a1a416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28848", "type": "seen", "source": "https://t.me/cibsecurity/44562", "content": "\u203c CVE-2022-28848 \u203c\n\nAdobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-16T00:19:34.000000Z"}, {"uuid": "072de399-6a94-466d-b58d-01478331b160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2884", "type": "seen", "source": "https://t.me/sysodmins/15572", "content": "The corrective updates GitLab 15.3.1, 15.2.3 and 15.1.5 of the collaborative development platform fix a critical vulnerability (CVE-2022-2884) that allows an authenticated user with access to the API for importing data from GitHub to remotely execute code on the server. Exploitation details have not yet been provided. The vulnerability was identified by a security researcher under the bug bounty program running on HackerOne.\n\nAs a workaround, the administrator is advised to disable the import from GitHub function (in the GitLab web interface: \"Menu\" -> \"Admin\" -> \"Settings\" -> \"General\" -> \"Visibility and access controls\" -> \"Import sources\" -> disable \"GitHub\").", "creation_timestamp": "2022-08-25T11:01:17.000000Z"}, {"uuid": "2af8556e-788d-4910-9297-42155e67bad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2884", "type": 
"published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8053", "content": "#exploit\n1. Dissecting redis CVE-2023-28425 with chatGPT as assistant\nhttps://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html\n\n2. CVE-2022-2884:\nGitLab v.15.3 - RCE (Authenticated)\nhttps://www.exploit-db.com/exploits/51181\n\n3. CVE-2022-39396:\nAnalysis of parse-server from prototype pollution to RCE vulnerability\nhttps://paper.seebug.org/2059", "creation_timestamp": "2023-04-04T11:01:01.000000Z"}]}