A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint
Loading...
Loading...
Score 9.9 from GitHub Security Advisory (severity: CRITICAL) published 2022-10-17. NVD baseline CVSS 9.9; sources differ by 0.0.
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint
October 17, 2022
May 14, 2025
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.
Working exploit code is in the public domain (1 GitHub PoC) (1 Exploit-DB entry). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
Open source ↗Exploits GitLab authenticated RCE vulnerability known as CVE-2022-2884.
Open source ↗See which npm, PyPI, Go, and Maven packages are affected by CVE-2022-2884
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.
CWE-78