CVE-2022-2185: GitLab Remote Code Execution Vulnerability
“A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authorised user could import a maliciously crafted project leading to remote code execution,” the company said in an advisory. “We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.”
GitLab also fixed 15 other security vulnerabilities in the same release, including:
- XSS in ZenTao integration affecting self-hosted instances without a strict CSP
- XSS in project settings page
- Unallowed users can read unprotected CI variables
- IP allow-list bypass to access Container Registries
- 2FA status is disclosed to unauthenticated users
- Restrict membership by email domain bypass
- IDOR in Sentry issues
- Reporters can manage issues in error tracking
- CI variables provided to runners outside of a group’s restricted IP range
- Regular Expression Denial of Service via malicious web server responses
- Unauthorized read for Conan repository
- Open redirect vulnerability
- Group labels are editable through subproject
- Release titles visible to any user if group milestones are associated with any project releases
- Job information is leaked to users who previously were maintainers via the Runner Jobs API endpoint
Affected versions
- GitLab CE/EE 14.0 prior to 14.10.5
- GitLab CE/EE 15.0 prior to 15.0.4
- GitLab CE/EE 15.1 prior to 15.1.1
Unaffected versions
- GitLab CE/EE 14.10.5 and later
- GitLab CE/EE 15.0.4 and later
- GitLab CE/EE 15.1.1 and later
Solution
GitLab has fixed CVE-2022-2185 in 14.10.5, 15.0.4 and 15.1.1, and in every later release. Self-managed installations running any affected version should upgrade to the patched release of their branch as soon as possible. Note that the vulnerable path requires only an authenticated user who can import a project, so an instance is exposed to every account permitted to create projects, not only to administrators.
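As an added check (example code written for this page, not GitLab's own tooling), the advisory's version ranges can be encoded as half-open intervals and an instance's reported version classified against them, which avoids the string-comparison mistake of treating 14.9 as newer than 14.10. The `GET /api/v4/version` endpoint referenced in the comments is a real GitLab API that requires an authenticated token; the JSON response embedded in the block is a constructed sample, not a captured one.

```python
"""Classify a GitLab CE/EE version string against the CVE-2022-2185 advisory ranges.

Added example, not GitLab's own tooling. GET /api/v4/version is a real GitLab API
(it requires an authenticated token, e.g.
  curl --header "PRIVATE-TOKEN: <token>" https://gitlab.example.com/api/v4/version
); the JSON body at the bottom is a constructed sample, not a captured response.
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Ranges from the advisory, as half-open intervals [first affected, first fixed)
# per release branch. "14.0 prior to 14.10.5" covers every 14.x release below 14.10.5.
AFFECTED_RANGES: Tuple[Tuple[Version, Version], ...] = (
    ((14, 0, 0), (14, 10, 5)),
    ((15, 0, 0), (15, 0, 4)),
    ((15, 1, 0), (15, 1, 1)),
)


def parse_version(text: str) -> Version:
    """Turn '15.0.3', '15.0.3-ee' or '14.10.4-ce.0' into (major, minor, patch).

    Edition and packaging suffixes are dropped: CE and EE share version numbers,
    and the advisory ranges apply to both.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version: str) -> bool:
    """True if the version lies inside any advisory range.

    Tuple comparison is lexicographic on integers, so 14.9.5 sorts below 14.10.5
    (a plain string comparison would get "14.9" > "14.10" wrong).
    """
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first patched release on the same branch, or None if unaffected."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(n) for n in hi)
    return None


def classify_instance(version_json: str) -> str:
    """Interpret the JSON body returned by GET /api/v4/version for one instance."""
    version = json.loads(version_json)["version"]
    target = fixed_version_for(version)
    if target is None:
        return f"{version}: not affected by CVE-2022-2185"
    return f"{version}: AFFECTED by CVE-2022-2185, upgrade to {target} or later"


# Constructed sample response (not captured from a real instance).
SAMPLE_RESPONSE = '{"version": "15.0.3-ee", "revision": "0123456789a"}'

if __name__ == "__main__":
    print(classify_instance(SAMPLE_RESPONSE))
    for v in ("14.9.5", "14.10.5", "15.1.0", "15.1.1", "15.2.0"):
        print(v, "affected" if is_affected(v) else "not affected")
```

Versions below 14.0 are reported as unaffected because the advisory's ranges start at 14.0; that says nothing about other, unrelated issues in those older branches, which are out of support in any case.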