HTTP: GitLab Community and Enterprise Edition Project Import Command Injection

This signature detects attempts to exploit a known vulnerability against GitLab Community and Enterprise Edition. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.

Affected Products

Gitlab gitlab

References

CVE: CVE-2022-2884

Short Name
HTTP:GITLAB-ENT-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-2185 CVE-2022-2884 Command Community Edition Enterprise GitLab Import Injection Project and
Release Date
09/13/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3796
False Positive
Unknown
Vendors

Gitlab

Found a potential security threat?