CVE-2022-2884

CRITICAL

GitLab CE/EE <15.1.5-15.3.1 - Authenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-2884. PoCs published by Antonio Francesco Sardella, m3ssap0.

AI-analyzed exploit summary: This Python script exploits CVE-2022-2884, an authenticated RCE vulnerability in GitLab via the Import from GitHub API endpoint. It sets up a fake GitHub server to intercept and execute arbitrary commands on the target GitLab instance.

Description

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 before 15.1.5, all versions from 15.2 before 15.2.3, and all versions from 15.3 before 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. The fixed releases are 15.1.5, 15.2.3 and 15.3.1.
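The three affected ranges above are easy to misread (15.1.5 itself is fixed, 15.2.0 is not), so the following added example checks a GitLab version string against exactly those ranges. It is not code from the tracker page or from either PoC. It also parses the JSON body returned by GitLab's authenticated GET /api/v4/version endpoint; the sample response is constructed, and the "-ee" suffix handling assumes GitLab's usual "MAJOR.MINOR.PATCH[-ee]" format.

```python
"""Check a GitLab version against the CVE-2022-2884 affected ranges.

Added example; not from the tracker page or any published PoC.
Ranges follow the advisory text: 11.3.4 <= v < 15.1.5, 15.2.0 <= v < 15.2.3,
15.3.0 <= v < 15.3.1 (fixed in 15.1.5, 15.2.3 and 15.3.1 respectively).
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) per release branch: lower bound inclusive,
# upper bound exclusive.
AFFECTED_RANGES = [
    ((11, 3, 4), (15, 1, 5)),
    ((15, 2, 0), (15, 2, 3)),
    ((15, 3, 0), (15, 3, 1)),
]

# Accepts "15.2.1", "15.2.1-ee", "15.3" (patch defaults to 0); suffix is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(raw: str) -> Version:
    """Parse a GitLab version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {raw!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def first_fixed_version(raw: str) -> Optional[Version]:
    """Return the fixed release for the branch `raw` falls in, or None if not affected."""
    v = parse_version(raw)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return hi
    return None


def is_vulnerable(raw: str) -> bool:
    return first_fixed_version(raw) is not None


def check_version_response(body: str) -> dict:
    """Evaluate the JSON body of GET /api/v4/version (requires an authenticated token)."""
    data = json.loads(body)
    version = data["version"]
    fixed = first_fixed_version(version)
    return {
        "version": version,
        "vulnerable": fixed is not None,
        "upgrade_to": ".".join(map(str, fixed)) if fixed else None,
    }


# Constructed sample of what /api/v4/version returns; the revision is made up.
SAMPLE_VERSION_RESPONSE = '{"version":"15.2.1-ee","revision":"0123abcd"}'

if __name__ == "__main__":
    for v in ("11.3.3", "11.3.4", "15.1.4", "15.1.5", "15.2.0", "15.2.3", "15.3.0", "15.3.1", "16.0"):
        print(f"{v:>7}: {'VULNERABLE' if is_vulnerable(v) else 'not affected'}")
    print(check_version_response(SAMPLE_VERSION_RESPONSE))
```

Note that a patched 15.1.x instance (15.1.5 or later) is reported as not affected even though 15.2.0 is, because the fix was backported per branch; a checker that compares against a single upper bound gets this wrong.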

Exploits (2)

exploitdb WORKING POC VERIFIED
by Antonio Francesco Sardella · python · webapps · ruby
https://www.exploit-db.com/exploits/51181

This Python script exploits CVE-2022-2884, an authenticated RCE vulnerability in GitLab via the Import from GitHub API endpoint. It sets up a fake GitHub server to intercept and execute arbitrary commands on the target GitLab instance.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GitLab CE/EE (versions 11.3.4 before 15.1.5, 15.2 before 15.2.3, 15.3 before 15.3.1)
Auth required
Prerequisites: Valid GitLab private token · Network access to the target GitLab instance · Attacker-controlled server to host the fake GitHub endpoint
Analyzed by devstral-2 on Feb 16, 2026
nomisec WORKING POC 27 stars
by m3ssap0 · poc
https://github.com/m3ssap0/gitlab_rce_cve-2022-2884

This repository contains a Python3 exploit for CVE-2022-2884, an authenticated RCE vulnerability in GitLab CE/EE versions prior to 15.1.5, 15.2.3, and 15.3.1. The exploit leverages the Import from GitHub API endpoint to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GitLab CE/EE (versions 11.3.4 before 15.1.5, 15.2 before 15.2.3, 15.3 before 15.3.1)
Auth required
Prerequisites: Authenticated GitLab user with a private token · Network access to the GitLab instance · Attacker-controlled server to receive the reverse shell or command output
Analyzed by devstral-2 on Feb 16, 2026
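Both PoCs above stand up a fake GitHub server and make the target GitLab import from it, so a defender's first question is whether any GitHub import on their instance was pointed at a host other than github.com. The following added example (not code from the page or from either PoC) hunts GitLab's api_json.log for that pattern. It assumes the import was directed at the attacker host through the import API's github_hostname parameter (the page only says a fake GitHub server is used, so this is an assumption), and it assumes the api_json.log layout shown in the constructed sample lines (one JSON object per line, with request parameters as a list of key/value objects and secrets already masked as [FILTERED]).

```python
"""Hunt GitLab api_json.log for GitHub imports aimed at a non-GitHub host.

Added example; not from the tracker page or either PoC. Assumptions:
 - the fake GitHub server is reached via the `github_hostname` parameter of
   POST /api/v4/import/github;
 - api_json.log has one JSON object per line with "method", "path", "params"
   ([{"key":..., "value":...}, ...]), "username", "remote_ip", "time".
"""
import json
from typing import Iterable, List, Optional
from urllib.parse import urlparse

IMPORT_PATH = "/api/v4/import/github"
# Hosts a legitimate GitHub import is expected to talk to.
ALLOWED_GITHUB_HOSTS = {"github.com", "api.github.com", "www.github.com"}


def _params(entry: dict) -> dict:
    """Flatten GitLab's [{"key": k, "value": v}, ...] params list into a dict."""
    return {p.get("key"): p.get("value")
            for p in entry.get("params", []) if isinstance(p, dict)}


def _hostname(value: str) -> str:
    """Extract the host from 'https://h:port/path', 'h:port' or a bare host."""
    if "://" not in value:
        value = "//" + value          # let urlparse treat it as a netloc
    return (urlparse(value).hostname or "").lower()


def analyse_line(line: str) -> Optional[dict]:
    """Return a finding for a GitHub import targeting a non-GitHub host, else None."""
    try:
        entry = json.loads(line)
    except json.JSONDecodeError:
        return None                   # not a JSON log line; skip, don't crash
    if entry.get("method") != "POST" or entry.get("path") != IMPORT_PATH:
        return None
    raw_host = _params(entry).get("github_hostname")
    if raw_host is None:
        return None                   # default github.com target; nothing odd on its own
    host = _hostname(str(raw_host))
    if host in ALLOWED_GITHUB_HOSTS:
        return None
    return {
        "time": entry.get("time"),
        "username": entry.get("username"),
        "remote_ip": entry.get("remote_ip"),
        "github_hostname": host,
        "status": entry.get("status"),
    }


def hunt(lines: Iterable[str]) -> List[dict]:
    return [f for f in (analyse_line(l) for l in lines) if f is not None]


# Constructed sample log lines (not real traffic). 203.0.113.10 is TEST-NET-3.
SAMPLE_LOG = [
    '{"time":"2022-08-23T10:00:01Z","method":"GET","path":"/api/v4/projects","status":200,'
    '"params":[],"username":"alice","remote_ip":"10.0.0.4"}',
    '{"time":"2022-08-23T10:01:12Z","method":"POST","path":"/api/v4/import/github","status":201,'
    '"params":[{"key":"repo_id","value":"1234"},{"key":"target_namespace","value":"team"},'
    '{"key":"personal_access_token","value":"[FILTERED]"}],"username":"alice","remote_ip":"10.0.0.4"}',
    '{"time":"2022-08-23T10:02:40Z","method":"POST","path":"/api/v4/import/github","status":201,'
    '"params":[{"key":"repo_id","value":"1"},{"key":"target_namespace","value":"x"},'
    '{"key":"github_hostname","value":"https://github.com"},'
    '{"key":"personal_access_token","value":"[FILTERED]"}],"username":"bob","remote_ip":"10.0.0.9"}',
    '{"time":"2022-08-23T10:03:05Z","method":"POST","path":"/api/v4/import/github","status":201,'
    '"params":[{"key":"repo_id","value":"1"},{"key":"target_namespace","value":"x"},'
    '{"key":"github_hostname","value":"http://203.0.113.10:8080"},'
    '{"key":"personal_access_token","value":"[FILTERED]"}],"username":"bob","remote_ip":"10.0.0.9"}',
    'not json at all',
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

A hit is not proof of exploitation (GitHub Enterprise users legitimately set github_hostname), so add your own GHE hosts to ALLOWED_GITHUB_HOSTS and treat anything left over, especially bare IPs or hosts the instance never imported from before, as the lead to pull Sidekiq and importer logs for.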

Scores

CVSS v3 9.9
EPSS 0.7740
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
gitlab/gitlab 11.3.4 up to (excluding) 15.1.5 (2 CPE variants)
Published Oct 17, 2022
Tracked Since Feb 18, 2026