9.9
CVSSv3

CVE-2022-2185

Published: 01/07/2022 Updated: 29/10/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gitlab gitlab 15.1.0

gitlab gitlab

Github Repositories

CVE-2022-2185 wo ee cve-2022-2185 gitlab authenticated rce

CVE-2022-2185 A critical issue has been discovered in GitLab affecting all versions starting from 140 prior to 14105, 150 prior to 1504, and 151 prior to 1511 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution authentication complexity vector NONE LOW NETWORK confidentialit

CVE-2022-2185-poc CVE-2022-2185 poc

THUCTF Write-Up by 4E1A607A Mobile checkin 科学上网上Discord, 在announcements上面有flag test your nc 连上nc survey 填完问卷, base64解码 Misc 小可莉能有什么坏心思呢? 3张图, 用图片查看器 (没有alpha channel) 打开可以识别3组, 用stegsolve (可能有alpha channel) 又识别出两组, 最后一组扔Word里面调亮度 flagmarket_level1

2022-HW-POC 2022 护网行动 POC 整理,网上冲浪冲来的,本人不对信息真实性负责。 免责申明:此POC严禁用于任何非授权攻击,遵守法律底线! 泛微云桥e-Bridge存在SQL注入漏洞 2022/7/11 新近真实漏洞 noxqianxincom/vulnerability/detail/QVD-2022-11894 Apache Commons远程代码执行漏洞(CVE-2022-33980) 2022/

Scan4all_Pro Scan4all Pro,Distributed, more optimized and faster a996a131 add VMware/vCenter/CVE-2022-22954 VMware/vCenter/CVE_2022_22972 gitlab/CVE-2022-2185 go_poc_check jenkins/CVE_2016_0792 jenkins/CVE_2016_0792_test ms/CVE-2021-26855_2 ms/CVE_2021_26855 ms/exchange/chkproxyshell ms/exchange/confirmtoken ms/exchange/proxyln ms/exchange/proxyln_test ms/exchange/proxytoken

CVE A collection of proof-of-concept exploit scripts written by the STAR Labs team for various CVEs that they discovered or found by others CVE-2022-2185 Target: GitLab Version: GitLab affecting all versions starting from 140 prior to 14105, 150 prior to 1504, and 151 prior to 1511 Exploit Written By: Nguyễn Tiến Giang CVE-2021-41073 Target: Linux Kernel Vers

CVE Exploit PoC's PoC exploits for multiple software vulnerabilities Current exploits CVE-2019-18634 (LPE): Stack-based buffer overflow in sudo tgetpassc when pwfeedback module is enabled CVE-2021-3156 (LPE): Heap-based buffer overflow in sudo sudoersc when an argv ends with backslash character CVE-2020-28018 (RCE): Exim Use-After-Free (UAF) in tls-opensslc leading t

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 请注意所有工具是否有后门或者其他异常行为,建议均在虚拟环境操作。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f