
CVE-2022-2185

Published: 01/07/2022 Updated: 08/08/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.

Vulnerable Product

gitlab gitlab 15.1.0

gitlab gitlab

Github Repositories

Write-up of THUCTF 2022

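THUCTF Write-Up by 4E1A607A. Mobile checkin: use a proxy to get onto Discord; the flag is in announcements. test your nc: connect with nc. survey: fill in the questionnaire, then base64-decode. Misc. What bad intentions could little Klee have?: 3 images; opening them in an image viewer (no alpha channel) lets you recognise 3 groups, stegsolve (possibly with alpha channel) recognises two more, and the last group is dropped into Word to adjust the brightness. flagmarket_level1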

wo ee cve-2022-2185 gitlab authenticated rce

CVE-2022-2185 wo ee cve-2022-2185 gitlab authenticated rce read: starlabs.sg/blog/2022/07-gitlab-project-import-rce-analysis-cve-2022-2185/ how to use First spawn a gitlab instance Log in, create a group and project with a unique name Create an access token Edit these lines in main.go and compile it: const importProjectName = "projectwtf" const runCmd = "

CVE-2022-2185 poc

CVE-2022-2185-poc CVE-2022-2185 poc www.xust.edu.cn/cve/index.jsp