HTTP: GitLab Community and Enterprise Edition GitHub Import Remote Code Execution
This signature detects attempts to exploit a known vulnerability against GitLab Community and Enterprise Edition. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Affected Products
Gitlab gitlab
References
CVE: CVE-2022-2992
Short Name
HTTP:GITLAB-COMM-ENT-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-2992 Code Community Edition Enterprise Execution GitHub GitLab Import Remote and
Release Date
12/26/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3693
False Positive
Unknown
Vendors
Gitlab