Cyber Resilience

CVE-2022-2884

Critical · Public PoC · RCE

Published: 17 October 2022
Modified: 14 May 2025
KEV Added: not listed
CVSS Score (v3.1): 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.3003 (96.8th percentile)
Risk Priority: 38 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-2884 is a critical-severity OS Command Injection (CWE-78) vulnerability in GitLab (vendor: GitLab). Its CVSS base score is 9.9 (Critical).

Operationally, it ranks in the top 3.2% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2022-2884 is an OS command injection vulnerability, tracked as CWE-78, that affects GitLab Community Edition and Enterprise Edition. It impacts all versions from 11.3.4 up to but not including 15.1.5, as well as the 15.2.x series before 15.2.3 and the 15.3.x series before 15.3.1. The flaw resides in the Import from GitHub API endpoint and carries a CVSS 3.1 score of 9.9.

An authenticated user can send a crafted request to the affected endpoint and obtain remote code execution on the GitLab instance with the privileges of the application user. Because the attack requires only low-privileged authenticated access and no user interaction, it can be performed over the network with limited effort.

Public references, including the official GitLab CVE record and the associated security issue, indicate that the vulnerability is resolved by upgrading to the fixed releases 15.1.5, 15.2.3, or 15.3.1 and later. A working proof-of-concept exploit has been published on Packet Storm, and the issue was originally reported through HackerOne.
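The version ranges above are what a defender needs first: which instances in an inventory are inside an affected range, and which release closes it. The following is an added triage helper (not code from GitLab or from this record) that encodes the affected ranges and fixed releases exactly as stated in this entry; hostnames and version strings in the sample inventory are constructed, and any pre-release suffix (for example "-ee") is ignored by assumption.

```python
"""Triage helper: is a GitLab version inside the CVE-2022-2884 affected ranges?"""
import re

# Affected ranges as stated in the advisory text: [lower, upper), where
# upper is the first fixed release of that branch (15.1.5, 15.2.3, 15.3.1).
AFFECTED_RANGES = (
    ((11, 3, 4), (15, 1, 5)),
    ((15, 2, 0), (15, 2, 3)),
    ((15, 3, 0), (15, 3, 1)),
)


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' (optional 'v' prefix or '-ee' style suffix) into an int tuple.

    Assumption: a missing patch component means '.0', so '15.2' is 15.2.0.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or "0"))


def is_affected(version_text):
    """True if the version falls inside any affected range."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def minimum_fixed_release(version_text):
    """Smallest fixed release on the same branch, or None if not affected."""
    v = parse_version(version_text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(map(str, hi))
    return None


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    inventory = {
        "git-a.example.internal": "15.2.2-ee",
        "git-b.example.internal": "15.3.1",
        "git-c.example.internal": "14.10.0",
        "git-d.example.internal": "15.1.5",
    }
    for host, ver in inventory.items():
        fix = minimum_fixed_release(ver)
        status = f"AFFECTED, upgrade to >= {fix}" if fix else "not affected"
        print(f"{host}: {ver} -> {status}")
```

Note that a version such as 15.1.6 sits between the first and second ranges and is reported as not affected, which matches the ranges as this entry states them.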

EPSS for this CVE rose sharply from low values to a peak of 0.7478 on 2025-12-11 before receding to the current score of 0.3003, indicating a clear surge in exploitation interest after disclosure.


Vulnerability details

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 prior to 15.2.3, and 15.3 prior to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.

CWE(s)

CWE-78 (OS Command Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: gitlab
Product: gitlab
Affected versions: 11.3.4 to 15.1.5 (excluded) · 15.2 to 15.2.3 (excluded)

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

- Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution.
