PT-2022-4568 · Gitlab · Gitlab Ce/Ee+1

Vakzz · Published 2022-08-30 · Updated 2025-05-14 · CVE-2022-2992

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 11.10 through 15.1.6
GitLab CE/EE versions 15.2 through 15.2.4
GitLab CE/EE versions 15.3 through 15.3.2
Description

A vulnerability in GitLab CE/EE allows an authenticated user to achieve remote code execution via the "Import from GitHub" API endpoint. The flaw lies in the GitHub import function, which does not adequately sanitize the data it processes. A remote attacker can exploit this to execute arbitrary code.
Recommendations

For GitLab CE/EE versions 11.10 through 15.1.6, update to a version after 15.1.6.
For GitLab CE/EE versions 15.2 through 15.2.4, update to a version after 15.2.4.
For GitLab CE/EE versions 15.3 through 15.3.2, update to a version after 15.3.2.

As a temporary workaround, consider disabling the "Import from GitHub" API endpoint until a patch is available.

Exploit · Fix

Weakness Enumeration

RCE
Special Elements Injection
Command Injection

Related Identifiers

BDU:2022-05445
BIT-GITLAB-2022-2992
CVE-2022-2992

Affected Products

Gitlab
Gitlab Ce/Ee