CVE-2022-2185

Name of the Vulnerable Software and Affected Versions GitLab versions 14.0 through 14.10.5 GitLab versions 15.0 through 15.0.4 GitLab versions 15.1 through 15.1.1

Description The issue is related to the improper assignment of permissions for a critical resource in GitLab, allowing an authenticated user authorized to import projects to import a maliciously crafted project. This can lead to remote code execution. The problem is associated with the Project Imports function in GitLab.

Recommendations For GitLab versions 14.0 through 14.10.5, update to version 14.10.5 or later. For GitLab versions 15.0 through 15.0.4, update to version 15.0.4 or later. For GitLab versions 15.1 through 15.1.1, update to version 15.1.1 or later. As a temporary workaround, consider restricting access to the project import feature until a patch is applied.