Input validation flaw in GitLab’s Community and Enterprise Software
Threat Level
Vulnerability Report
Summary
A remote code execution vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE) has been identified as CVE-2022-2884. It can be exploited through the GitHub import API, but triggering it requires authentication.