{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T13:14:25.621","vulnerabilities":[{"cve":{"id":"CVE-2022-2185","sourceIdentifier":"cve@gitlab.com","published":"2022-07-01T16:15:08.093","lastModified":"2024-11-21T07:00:30.037","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution."},{"lang":"es","value":"Se ha descubierto un problema crítico en GitLab que afecta a todas las versiones a partir de la 14.0 anterior a la 14.10.5, la 15.0 anterior a la 15.0.4 y la 15.1 anterior a la 15.1.1, en el que un usuario autenticado y autorizado a importar proyectos podría importar un proyecto malicioso que condujera a la ejecución remota de código"}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"14.0.0","versionEndExcluding":"14.10.5","matchCriteriaId":"D4B25A15-8656-43DE-B0DF-3493BB2F8FE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"14.0.0","versionEndExcluding":"14.10.5","matchCriteriaId":"53A77E6E-918F-402B-8F8D-D3843794E45B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"15.0.0","versionEndExcluding":"15.0.4","matchCriteriaId":"59BC7D90-71FE-4551-BC55-2CBDD7F037C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"15.0.0","versionEndExcluding":"15.0.4","matchCriteriaId":"18F6B2F9-8BDA-41C7-8152-70D61CCCC0B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:15.1.0:*:*:*:community:*:*:*","matchCriteriaId":"0CE56232-8EF7-428C-90F2-85803A66B664"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:15.1.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"E07D39FA-8428-4585-9A4C-55D2A1799F9E"}]}]}],"references":[{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json","source":"cve@gitlab.com","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/366088","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/1609965","source":"cve@gitlab.com","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/366088","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/1609965","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Third Party Advisory"]}]}}]}