Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.9
CVSSv3

CVE-2022-2185

Published: 01/07/2022 Updated: 08/08/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Gitlab

Vulnerability Summary

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gitlab gitlab 15.1.0

gitlab gitlab

Github Repositories

CVE-2022-2185

wo ee cve-2022-2185 gitlab authenticated rce

CVE-2022-2185 wo ee cve-2022-2185 gitlab authenticated rce read: starlabssg/blog/2022/07-gitlab-project-import-rce-analysis-cve-2022-2185/ how to use First spawn a gitlab instance Log in, create a group and project with a unique name Create an access token Edit these lines in maingo and compile it: const importProjectName = "projectwtf" const runCmd = &qu

CVE-2022-2185-poc

CVE-2022-2185 poc

CVE-2022-2185-poc CVE-2022-2185 poc wwwxusteducn/cve/indexjsp

THUCTF Write-Up by 4E1A607A

Write-up of THUCTF 2022

THUCTF Write-Up by 4E1A607A Mobile checkin 科学上网上Discord, 在announcements上面有flag test your nc 连上nc survey 填完问卷, base64解码 Misc 小可莉能有什么坏心思呢? 3张图, 用图片查看器 (没有alpha channel) 打开可以识别3组, 用stegsolve (可能有alpha channel) 又识别出两组, 最后一组扔Word里面调亮度 flagmarket_level1

Scan4all_Pro

Scan4all Pro,Distributed, more optimized and faster

Scan4all_Pro Scan4all Pro,Distributed, more optimized and faster v285 1、nuclei升级至最新版本 2、升级naabu至最新版本 3、添加若干go-POC检测 4、优化若干 v284 1、fuzz、及所有请求输出限制为800k,避免被反制、进行内存攻击导致程序崩溃 2、修复naabu、nmap扫描后使用ip继续

Threat Hunting with Splunk

Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

Threat Hunting with Splunk Awesome Splunk SPL queries that can be used to detect the latest vulnerability exploitation attempts &, threat hunt for MITRE ATT&CK TTPs I'm including queries with regular expressions, so detection will be possible even if you haven't parsed the logs properly MITRE ATT&CK TTP & Detection Analytics TTP MI

CVE

A collection of proof-of-concept exploit scripts written by the STAR Labs team for various CVEs that they discovered or found by others.

CVE A collection of proof-of-concept exploit scripts written by the STAR Labs team for various CVEs that they discovered or found by others CVE-2023-31248 Target: Linux Kernel Version: Ubuntu kernel version 620-20 generic Exploit Written By: Cherie-Anne Lee CVE-2023-3514 Target: Razer Central Version: Razer Central 7110558 and below Exploit Written By: Phan Thanh Duy

CVE-2023-21752 CVE-2023-29343 CVE-2023-36874 CVE-2023-20178 2023Hvv CVE Exploit PoC's

CVE Exploit PoC's

CVE-2023-21752 针对 Windows 备份服务中任意文件删除漏洞的 PoC。 CVE-2023-29343 Sysmon 版本 1414 中任意文件写入错误的 PoC CVE-2023-36874 该漏洞适用于易受攻击的 Windows 客户端/服务器。 编译代码并创建 c:\test\system32 目录。将 wermgrexe 放入该目录并运行编译后的 PoC。 CVE-2023-20178 Cisco Secure Client(在 5

CVE-2023-21752 CVE-2023-29343 CVE-2023-36874 CVE-2023-20178 2023Hvv CVE Exploit PoC's

CVE Exploit PoC's

CVE-2023-21752 针对 Windows 备份服务中任意文件删除漏洞的 PoC。 CVE-2023-29343 Sysmon 版本 1414 中任意文件写入错误的 PoC CVE-2023-36874 该漏洞适用于易受攻击的 Windows 客户端/服务器。 编译代码并创建 c:\test\system32 目录。将 wermgrexe 放入该目录并运行编译后的 PoC。 CVE-2023-20178 Cisco Secure Client(在 5

Bug-Bounty Writeup Section 👨‍💻 : For All, by All (regular updates) General Writeups OWASP Top 10 Web-Application Issues (Updated) Chained Issues / Chained Bugs : Android Application Testing (Methods + Tools) IOS Application Testing (Methods + Tools) Guide To Penetration Testing tools (Beginner + Intermediate + Advanced tools and techniques) Jenkins Vulnerabilities API Security Testing Web 3.0 Writeups BlockChain Security IOT Security (Writeups + Security) Cheat-Sheets for Cybersecurity Famous Checklists Extra Practicing Labs (Critical Vulnerabilities) : Car Hacking Writeups A.I Based Security research writeups : Security Podcast :

Repository of Bug-Bounty Writeups

Bug-Bounty Writeup Section 👨‍💻 : For All, by All (regular updates) This is a place of all the Offensive Cybersecurity people Feel free to contribute in all sections Bug-Bounty Tools & Extensions (General + Updated) :- - XSSTRON :-Electron JS Browser To Find XSS Vulnerabilities Automatically -Extension should add a number of UI and functional features t

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 请注意所有工具是否有后门或者其他异常行为,建议均在虚拟环境操作。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 请注意所有工具是否有后门或者其他异常行为,建议均在虚拟环境操作。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集

PoC in GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

PoC in GitHub 2023 CVE-2023-0045 (2023-04-25) The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bi

PoC in GitHub

PoC in GitHub 2023 CVE-2023-0045 missyes/CVE-2023-0045 es0j/CVE-2023-0045 CVE-2023-0179 TurtleARM/CVE-2023-0179-PoC CVE-2023-0297 (2023-01-13) Code Injection in GitHub repository pyload/pyload prior to 050b3dev31 bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad CVE-2023-0315 (2023-01-15) Command Injection in GitHub repository froxlor/froxlor prior to 208 mhaskar/C

Kenzer Templates [5170] [DEPRECATED]

essential templates for kenzer [DEPRECATED]

Kenzer Templates [5170] [DEPRECATED] TEMPLATE TOOL FILE favinizer favinizer favinizeryaml CVE-2013-2251 freaker freaker/exploits/CVE-2013-2251/exploitsh CVE-2017-6360 freaker freaker/exploits/CVE-2017-6360/exploitsh CVE-2017-6361 freaker freaker/exploits/CVE-2017-6361/exploitsh CVE-2017-7921 freaker freaker/exploits/CVE-2017-7921/exploitsh CVE-2018-11784 f

References

CWE-78https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.jsonhttps://hackerone.com/reports/1609965https://gitlab.com/gitlab-org/gitlab/-/issues/366088https://github.com/ESUAdmin/CVE-2022-2185https://nvd.nist.govhttps://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-4518malicious code‎validationCVE-2023-42916template injectionCVE-2023-41266CVE-2023-43089CVE-2023-5995CVE-2023-21746
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook