CVE-2022-2884

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.3.4 through 15.1.5 GitLab CE/EE versions 15.2 through 15.2.3 GitLab CE/EE versions 15.3 through 15.3.1

Description A vulnerability in GitLab CE/EE allows an authenticated user to achieve remote code execution via the "Import from GitHub" API endpoint. The issue is related to insufficient input validation, which can be exploited by an attacker to execute arbitrary code on the target system. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions 11.3.4 through 15.1.5, update to version 15.1.5 or later. For versions 15.2 through 15.2.3, update to version 15.2.3 or later. For versions 15.3 through 15.3.1, update to version 15.3.1 or later. As a temporary workaround, consider disabling the "Import from GitHub" API endpoint until a patch is available. Restrict access to the Import from GitHub feature to minimize the risk of exploitation. Avoid using the Import from GitHub feature in the affected API endpoint until the issue is resolved.