Input validation flaw in GitLab’s Community and Enterprise Software

Threat Advisories

Input validation flaw in GitLab’s Community and Enterprise Software

Threat Level
Vulnerability Report

For a detailed advisory, download the pdf file here

Summary

A remote code execution vulnerability that affects GitLab Community Edition (CE) and Enterprise Edition (EE) has been identified as CVE-2022-2884. It can be exploited using the GitHub import API, However it requires authentication to be triggered.

Sign up to receive our Weekly Threat Digest