Remote Code Execution Vulnerability in GitLab CE/EE via Import from GitHub API Endpoint

CVE-2022-2992 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
