CVE-2022-2185

Severity: CRITICAL · Nuclei template available

GitLab 14.0 to 15.1.0 (fixed in 14.10.5 / 15.0.4 / 15.1.1) - Authenticated RCE via project import

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-2185. PoCs published by ESUAdmin, safe3s. A Nuclei detection template is also available.

Description

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
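As a triage aid for the affected ranges stated above, here is an added example (not code from this page or from either tracked PoC) that maps a GitLab version string, such as the `version` field returned by the authenticated `GET /api/v4/version` endpoint, to the release it must be upgraded to. The range boundaries are taken from the advisory text in the description; the API response embedded below is constructed, not captured from a real instance.

```python
"""Version triage for CVE-2022-2185 (GitLab authenticated RCE via project import).

Added example, not code from the tracked PoCs. Affected ranges come from the
advisory text: 14.0 <= v < 14.10.5, 15.0 <= v < 15.0.4, 15.1 <= v < 15.1.1.
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) per release branch, from the advisory text.
AFFECTED_RANGES = (
    ((14, 0, 0), (14, 10, 5)),
    ((15, 0, 0), (15, 0, 4)),
    ((15, 1, 0), (15, 1, 1)),
)

# GitLab version strings look like "15.0.3" or "15.0.3-ee"; the suffix is
# irrelevant to the range check, so only MAJOR.MINOR[.PATCH] is captured.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Parse a GitLab version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def fixed_version_for(version: Version) -> Optional[Version]:
    """Return the first patched release on the version's branch, or None if unaffected.

    Tuple comparison is lexicographic, so 14.10.4 < 14.10.5 and 14.9.0 < 14.10.5
    behave as version comparisons should.
    """
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return first_fixed
    return None


def is_vulnerable(text: str) -> bool:
    """True if the given version string falls inside one of the affected ranges."""
    return fixed_version_for(parse_version(text)) is not None


def triage_api_response(body: str) -> dict:
    """Triage the JSON body of GET /api/v4/version (an authenticated endpoint).

    Returns a report dict instead of printing so the result can be checked.
    """
    data = json.loads(body)
    version = parse_version(data["version"])
    fixed = fixed_version_for(version)
    return {
        "version": ".".join(map(str, version)),
        "vulnerable": fixed is not None,
        "upgrade_to": ".".join(map(str, fixed)) if fixed else None,
    }


# Constructed sample response (assumption: shape of /api/v4/version as documented
# by GitLab, with a made-up revision). Not captured from a live instance.
SAMPLE_RESPONSE = '{"version": "15.0.3-ee", "revision": "0000000"}'

if __name__ == "__main__":
    print(triage_api_response(SAMPLE_RESPONSE))
```

Note that `/api/v4/version` itself requires an authenticated token, so this check is for instances you administer or have an account on; it does not replace confirming the patch level on the host.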

Exploits (2)

nomisec · WORKING POC · 81 stars
by ESUAdmin · poc
https://github.com/ESUAdmin/CVE-2022-2185

This PoC exploits CVE-2022-2185, an authenticated RCE vulnerability in GitLab's project import functionality. It uses a man-in-the-middle proxy to intercept and modify API requests, injecting a command into the project description field during import.

Classification: Working PoC (95% confidence)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GitLab (versions affected by CVE-2022-2185)
Authentication: required
Prerequisites: Authenticated GitLab session · Ability to intercept/modify API requests · Target GitLab instance vulnerable to CVE-2022-2185
Analyzed by devstral-2, Feb 16, 2026
nomisec · STUB · 13 stars
by safe3s · poc
https://github.com/safe3s/CVE-2022-2185-poc

The repository claims to be a PoC for CVE-2022-2185 but only contains a README with a link and an empty Python file. No functional exploit code is present.

Classification: Stub (30% confidence)
Attack type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
Authentication: not assessable from the repository (the vulnerability itself requires an authenticated account authorized to import projects)
Analyzed by devstral-2, Feb 16, 2026

Nuclei Templates (1)

GitLab CE/EE - Remote Code Execution
Severity: HIGH · by GitLab Red Team
Shodan: http.title:"GitLab" || cpe:"cpe:2.3:a:gitlab:gitlab" || http.title:"gitlab"
FOFA: title="gitlab"

References (3; only one preserved on this page)

Core references
https://hackerone.com/reports/1609965 (Permissions Required, Third Party Advisory; x_refsource_misc)

Scores

CVSS v3.1 base score: 9.9 (Critical)
EPSS: 0.8696
EPSS percentile: 99.5%
Attack vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (2)
gitlab/gitlab 15.1.0 (2 CPE variants)
gitlab/gitlab 14.0.0 up to, but excluding, 14.10.5 (2 CPE variants)
Published Jul 01, 2022
Tracked Since Feb 18, 2026