nuclei-templates/cves/2022/CVE-2022-2185.yaml

id: CVE-2022-2185

info:
  name: GitLab CE/EE - Import RCE
  author: GitLab Red Team
  severity: high
  description: A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
  reference:
    - https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester
    - https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2185
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2022-2185
    cwe-id: CWE-732
  metadata:
    shodan-query: http.title:"GitLab"
  tags: cve,cve2022,gitlab

requests:
  - method: GET
    path:
      - "{{BaseURL}}/users/sign_in"

    redirects: true
    max-redirects: 3
    matchers:
      - type: word
        words:
          - "003236d7e2c5f1f035dc8b67026d7583ee198b568932acd8faeac18cec673dfa"
          - "1062bbba2e9b04e360569154a8df8705a75d9e17de1a3a9acd5bd20f000fec8b"
          - "1832611738f1e31dd00a8293bbf90fce9811b3eea5b21798a63890dbc51769c8"
          - "1ae98447c220181b7bd2dfe88018cb6e1b1e4d12d7b8c224d651a48ed2d95dfe"
          - "1d765038b21c5c76ff8492561c29984f3fa5c4b8cfb3a6c7b216ac8ab18b78c7"
          - "1d840f0c4634c8813d3056f26cbab7a685d544050360a611a9df0b42371f4d98"
          - "2ea7e9be931f24ebc2a67091b0f0ff95ba18e386f3d312545bb5caaac6c1a8be"
          - "301b60d2c71a595adfb65b22edee9023961c5190e1807f6db7c597675b0a61f0"
          - "383b8952f0627703ada7774dd42f3b901ea2e499fd556fce3ae0c6d604ad72b7"
          - "4f233d907f30a050ca7e40fbd91742d444d28e50691c51b742714df8181bf4e7"
          - "50d9206410f00bb00cc8f95865ab291c718e7a026e7fdc1fc9db0480586c4bc9"
          - "515dc29796a763b500d37ec0c765957a136c9e1f1972bb52c3d7edcf4b6b8bbe"
          - "57e83f1a3cf7c0fe3cf2357802306688dab60cf6a30d00e14e67826070db92de"
          - "5cd37ee959b5338b5fb48eafc6c7290ca1fa60e653292304102cc19a16cc25e4"
          - "5df2cb13ec314995ea43d698e888ddb240dbc7ccb6e635434dc8919eced3e25f"
          - "6a58066d1bde4b6e661fbd5bde83d2dd90615ab409b8c8c36e04954fbd923424"
          - "6eb5eaa5726150b8135a4fd09118cfd6b29f128586b7fa5019a04f1c740e9193"
          - "6fa9fec63ba24ec06fcae0ec30d1369619c2c3323fe9ddc4849af86457d59eef"
          - "739a920f5840de93f944ec86c5a181d0205f1d9e679a4df1b9bf5b0882ab848a"
          - "775f130d36e9eb14cb67c6a63551511b87f78944cebcf6cdddb78292030341df"
          - "7d0792b17e1d2ccac7c6820dda1b54020b294006d7867b7d78a05060220a0213"
          - "8b78708916f28aa9e54dacf9c9c08d720837ce78d8260c36c0f828612567d353"
          - "90abf7746df5cb82bca9949de6f512de7cb10bec97d3f5103299a9ce38d5b159"
          - "95ae8966ec1e6021f2553c7d275217fcfecd5a7f0b206151c5fb701beb7baf1e"
          - "a4333a9de660b9fc4d227403f57d46ec275d6a6349a6f5bda0c9557001f87e5d"
          - "a6d68fb0380bece011b0180b2926142630414c1d7a3e268fb461c51523b63778"
          - "a743f974bacea01ccc609dcb79247598bd2896f64377ce4a9f9d0333ab7b274e"
          - "a8bf3d1210afa873d9b9af583e944bdbf5ac7c8a63f6eccc3d6795802bd380d2"
          - "ba74062de4171df6109c4c96da1ebe2b538bb6cc7cd55867cbdfba44777700e1"
          - "c91127b2698c0a2ae0103be3accffe01995b8531bf1027ae4f0a8ad099e7a209"
          - "cfa6748598b5e507db0e53906a7639e2c197a53cb57da58b0a20ed087cc0b9d5"
          - "e539e07c389f60596c92b06467c735073788196fa51331255d66ff7afde5dfee"
          - "f8ba2470fbf1e30f2ce64d34705b8e6615ac964ea84163c8a6adaaf8a91f9eac"
          - "ff058b10a8dce9956247adba2e410a7f80010a236b2269fb53e0df5cd091e61d"
        condition: or

    extractors:
      - type: regex
        group: 1
        regex:
          - '(?:application-)(\S{64})(?:\.css)'
add template for CVE-2022-2185 gitlab import rce 2022-09-14 16:27:45 +00:00			`id: CVE-2022-2185`

			`info:`
			`name: GitLab CE/EE - Import RCE`
			`author: GitLab Red Team`
Auto Generated CVE annotations [Fri Nov 11 14:58:53 UTC 2022] :robot: 2022-11-11 14:58:53 +00:00			`severity: high`
add template for CVE-2022-2185 gitlab import rce 2022-09-14 16:27:45 +00:00			`description: A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.`
			`reference:`
			`- https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester`
			`- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json`
			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2185`
			`classification:`
Auto Generated CVE annotations [Fri Nov 11 14:58:53 UTC 2022] :robot: 2022-11-11 14:58:53 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 8.8`
add template for CVE-2022-2185 gitlab import rce 2022-09-14 16:27:45 +00:00			`cve-id: CVE-2022-2185`
Auto Generated CVE annotations [Wed Sep 14 19:35:00 UTC 2022] :robot: 2022-09-14 19:35:00 +00:00			`cwe-id: CWE-732`
add template for CVE-2022-2185 gitlab import rce 2022-09-14 16:27:45 +00:00			`metadata:`
			`shodan-query: http.title:"GitLab"`
Update CVE-2022-2185.yaml 2022-11-11 19:32:49 +00:00			`tags: cve,cve2022,gitlab`
add template for CVE-2022-2185 gitlab import rce 2022-09-14 16:27:45 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/users/sign_in"`

			`redirects: true`
			`max-redirects: 3`
			`matchers:`
			`- type: word`
			`words:`
			`- "003236d7e2c5f1f035dc8b67026d7583ee198b568932acd8faeac18cec673dfa"`
			`- "1062bbba2e9b04e360569154a8df8705a75d9e17de1a3a9acd5bd20f000fec8b"`
			`- "1832611738f1e31dd00a8293bbf90fce9811b3eea5b21798a63890dbc51769c8"`
			`- "1ae98447c220181b7bd2dfe88018cb6e1b1e4d12d7b8c224d651a48ed2d95dfe"`
			`- "1d765038b21c5c76ff8492561c29984f3fa5c4b8cfb3a6c7b216ac8ab18b78c7"`
			`- "1d840f0c4634c8813d3056f26cbab7a685d544050360a611a9df0b42371f4d98"`
			`- "2ea7e9be931f24ebc2a67091b0f0ff95ba18e386f3d312545bb5caaac6c1a8be"`
			`- "301b60d2c71a595adfb65b22edee9023961c5190e1807f6db7c597675b0a61f0"`
			`- "383b8952f0627703ada7774dd42f3b901ea2e499fd556fce3ae0c6d604ad72b7"`
			`- "4f233d907f30a050ca7e40fbd91742d444d28e50691c51b742714df8181bf4e7"`
			`- "50d9206410f00bb00cc8f95865ab291c718e7a026e7fdc1fc9db0480586c4bc9"`
			`- "515dc29796a763b500d37ec0c765957a136c9e1f1972bb52c3d7edcf4b6b8bbe"`
			`- "57e83f1a3cf7c0fe3cf2357802306688dab60cf6a30d00e14e67826070db92de"`
			`- "5cd37ee959b5338b5fb48eafc6c7290ca1fa60e653292304102cc19a16cc25e4"`
			`- "5df2cb13ec314995ea43d698e888ddb240dbc7ccb6e635434dc8919eced3e25f"`
			`- "6a58066d1bde4b6e661fbd5bde83d2dd90615ab409b8c8c36e04954fbd923424"`
			`- "6eb5eaa5726150b8135a4fd09118cfd6b29f128586b7fa5019a04f1c740e9193"`
			`- "6fa9fec63ba24ec06fcae0ec30d1369619c2c3323fe9ddc4849af86457d59eef"`
			`- "739a920f5840de93f944ec86c5a181d0205f1d9e679a4df1b9bf5b0882ab848a"`
			`- "775f130d36e9eb14cb67c6a63551511b87f78944cebcf6cdddb78292030341df"`
			`- "7d0792b17e1d2ccac7c6820dda1b54020b294006d7867b7d78a05060220a0213"`
			`- "8b78708916f28aa9e54dacf9c9c08d720837ce78d8260c36c0f828612567d353"`
			`- "90abf7746df5cb82bca9949de6f512de7cb10bec97d3f5103299a9ce38d5b159"`
			`- "95ae8966ec1e6021f2553c7d275217fcfecd5a7f0b206151c5fb701beb7baf1e"`
			`- "a4333a9de660b9fc4d227403f57d46ec275d6a6349a6f5bda0c9557001f87e5d"`
			`- "a6d68fb0380bece011b0180b2926142630414c1d7a3e268fb461c51523b63778"`
			`- "a743f974bacea01ccc609dcb79247598bd2896f64377ce4a9f9d0333ab7b274e"`
			`- "a8bf3d1210afa873d9b9af583e944bdbf5ac7c8a63f6eccc3d6795802bd380d2"`
			`- "ba74062de4171df6109c4c96da1ebe2b538bb6cc7cd55867cbdfba44777700e1"`
			`- "c91127b2698c0a2ae0103be3accffe01995b8531bf1027ae4f0a8ad099e7a209"`
			`- "cfa6748598b5e507db0e53906a7639e2c197a53cb57da58b0a20ed087cc0b9d5"`
			`- "e539e07c389f60596c92b06467c735073788196fa51331255d66ff7afde5dfee"`
			`- "f8ba2470fbf1e30f2ce64d34705b8e6615ac964ea84163c8a6adaaf8a91f9eac"`
			`- "ff058b10a8dce9956247adba2e410a7f80010a236b2269fb53e0df5cd091e61d"`
			`condition: or`

			`extractors:`
			`- type: regex`
			`group: 1`
			`regex:`
			`- '(?:application-)(\S{64})(?:\.css)'`