Security Advisory 2022-048

Release Date: 04/07/2022

Critical Remote Code Execution Vulnerability in GitLab



  • 04/07/2022 --- v1.0 -- Initial publication


On June 30, 2022, GitLab released new software versions that fix several vulnerabilities [1], one of which is a critical remote command execution vulnerability, identified as CVE-2022-2185, with a CVSS score of 9.9 out of 10 [2].

It is highly recommended to upgrade GitLab servers to the latest available version.

Technical Details

The vulnerability exists in the Project Imports feature: an authenticated user could import a maliciously crafted project, leading to remote code execution on the GitLab server. Because only an authenticated account is required, instances that allow self-registration or host untrusted users are the most exposed.

Affected Products

The following versions of GitLab Community Edition (CE) and Enterprise Edition (EE) are affected:

  • 14.0 prior to 14.10.5
  • 15.0 prior to 15.0.4
  • 15.1 prior to 15.1.1


CERT-EU strongly recommends upgrading all GitLab servers to the latest version as soon as possible.
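To decide quickly which servers still need the upgrade, the version ranges listed above can be checked with a short script. The following Python is an added example written for this page; it is not part of the advisory or of GitLab's own tooling. It assumes the version string is the one reported by GitLab's /api/v4/version endpoint or by `gitlab-rake gitlab:env:info` (for example "15.0.3-ee"), and the sample inputs at the bottom are constructed, not real inventory data.

```python
"""Check whether a GitLab CE/EE version falls in a range affected by
CVE-2022-2185, using the ranges listed in this advisory.

Added example, not GitLab's own code. Assumes version strings of the
form MAJOR.MINOR.PATCH with an optional edition/pre-release suffix.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory as [lower, upper) intervals: every
# release from the lower bound up to, but not including, the first fixed
# release is vulnerable. Releases before 14.0 are not listed as affected.
AFFECTED_RANGES = [
    ((14, 0, 0), (14, 10, 5)),   # 14.0 prior to 14.10.5
    ((15, 0, 0), (15, 0, 4)),    # 15.0 prior to 15.0.4
    ((15, 1, 0), (15, 1, 1)),    # 15.1 prior to 15.1.1
]

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract MAJOR.MINOR.PATCH from strings such as '15.0.3-ee',
    'v14.10.5' or '15.1.0-rc42'. Edition and pre-release suffixes are
    ignored, so an RC is treated as its final release (conservative:
    a 15.1.0 RC is flagged like 15.1.0)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def first_fixed_release(version: str) -> Optional[Version]:
    """Return the first fixed release for the range containing `version`,
    or None if the version lies outside every affected range."""
    v = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if lower <= v < upper:          # tuple comparison is lexicographic
            return upper
    return None


def is_affected(version: str) -> bool:
    """True if `version` is vulnerable to CVE-2022-2185 per the advisory."""
    return first_fixed_release(version) is not None


def format_version(v: Version) -> str:
    return ".".join(str(part) for part in v)


if __name__ == "__main__":
    # Constructed sample inputs covering both sides of each boundary.
    samples = [
        "13.12.15", "14.0.0", "14.10.4-ee", "14.10.5",
        "15.0.3-ce", "15.0.4", "15.1.0-rc42", "15.1.1", "15.2.0",
    ]
    for sample in samples:
        fixed = first_fixed_release(sample)
        if fixed is None:
            print(f"{sample:12} not in an affected range")
        else:
            print(f"{sample:12} AFFECTED; upgrade to at least {format_version(fixed)}")
```

The check is deliberately strict at the boundaries: 14.10.5, 15.0.4 and 15.1.1 are the first fixed releases and are reported as not affected, while anything earlier in the same series is flagged. Versions before 14.0 are not in the advisory's list and are therefore not reported, which matches the text rather than extending it.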



