gitlab-critical-vulnerability

Analysis

A vulnerability researcher on the HackerOne platform identified and reported a critical vulnerability in GitLab (a DevOps software package that combines the ability to develop, secure, and operate software in a single application) through GitLab's HackerOne bug bounty program.

This vulnerability could allow an authenticated user to achieve remote code execution via the ‘Import from GitHub API’ endpoint. It is tracked as CVE-2022-2884 in the Common Vulnerabilities and Exposures (CVE) database, is rated “Critical”, and has a score of 9.9 under the CVSS (Common Vulnerability Scoring System).

This vulnerability was identified in GitLab Community Edition and Enterprise Edition and affects versions 11.3.4 to 15.1.5, versions 15.2 to 15.2.3, and versions 15.3 to 15.3.1.

Attack Vector: Network

Attack Complexity: Low

Privileges Required: Low

User Interaction: None

Scope: Changed

Confidentiality: High

Integrity: High

Availability: High

CVSS: 9.9

Prevention

GitLab has released a patch for this vulnerability and recommends that users currently running a vulnerable version update to the latest release of their branch: 15.3.1, 15.2.3, or 15.1.5.

References

GitLab
