Threat Advisory

GitLab Critical Security Release

August 26, 2022 | By Accorian

GitLab recently issued a patch for a critical remote code execution vulnerability that impacts GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerability is tracked as CVE-2022-2884 and was assigned a CVSS score of 9.9. The issue allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.

According to GitLab, the vulnerability affects all GitLab CE/EE versions:

  1. Starting from 11.3.4 before 15.1.5
  2. Starting from 15.2 before 15.2.3
  3. Starting from 15.3 before 15.3.1

GitLab has requested that all users upgrade to the latest version as soon as possible. GitLab Community Edition and Enterprise Edition versions 15.3.1, 15.2.3, and 15.1.5 include the patch for this vulnerability. Users who are not able to upgrade immediately are advised to disable the GitHub import function from the ‘Visibility and access controls’ menu in the settings. GitLab has not yet announced any exploitation of the vulnerability in the wild.
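To triage an inventory against the affected ranges listed above, the following added example (not from GitLab or the original advisory) flags versions that fall inside any of the three ranges and reports the release that carries the fix. The host names and version strings in the sample inventory are constructed, and the accepted version format (`MAJOR.MINOR[.PATCH]` with an optional suffix such as `-ee`) is an assumption.

```python
import re

# Affected ranges from the advisory: (first affected, first fixed release).
AFFECTED_RANGES = [
    ((11, 3, 4), (15, 1, 5)),
    ((15, 2, 0), (15, 2, 3)),
    ((15, 3, 0), (15, 3, 1)),
]

def parse_version(text):
    """Parse 'MAJOR.MINOR[.PATCH]', ignoring a suffix such as '-ee'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+]\S*)?\s*$", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def check(version_text):
    """Return (affected, fixed_release) for CVE-2022-2884."""
    version = parse_version(version_text)
    for first_affected, fixed in AFFECTED_RANGES:
        # Each range is half-open: first_affected <= version < fixed.
        if first_affected <= version < fixed:
            return True, ".".join(str(n) for n in fixed)
    return False, None

def triage(inventory):
    """Map each host in a {host: version} inventory to a status string."""
    report = {}
    for host, version_text in inventory.items():
        try:
            affected, fixed = check(version_text)
        except ValueError:
            # Unparseable versions need a manual look, not a silent pass.
            report[host] = "unknown version, check manually"
            continue
        report[host] = f"AFFECTED, fixed in {fixed}" if affected else "not affected"
    return report

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {
        "gitlab-a.example.internal": "15.2.1-ee",
        "gitlab-b.example.internal": "15.3.1",
        "gitlab-c.example.internal": "14.10.5",
        "gitlab-d.example.internal": "latest",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```
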

Accorian is ready to assist all its clients. Please feel free to reach out to us if you have any questions.

Source: https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import

Threat Advisory Team 

Accorian
