Enhancement: cves/2022/CVE-2022-2185.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-07 11:43:51 -04:00
parent b71cc484c2
commit 9ab3f220ad
1 changed file with 5 additions and 2 deletions


@ -1,14 +1,15 @@
id: CVE-2022-2185
info:
name: GitLab CE/EE - Import RCE
name: GitLab CE/EE - Remote Code Execution
author: GitLab Red Team
severity: high
description: A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
description: GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
reference:
- https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2185
- https://nvd.nist.gov/vuln/detail/CVE-2022-2185
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
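Review bot: the new description's closing clause "without entering necessary credentials" contradicts the same sentence's "An authenticated user authorized to import projects" and the unchanged `cvss-metrics` line, whose `PR:L` records that low-privilege authentication is required; drop that clause (and the generic "execute malware ... gain full control" list, which adds nothing the impact metrics `C:H/I:H/A:H` do not already state) so the description stays consistent with the classification. Consider also keeping the word "Import" in the renamed `name` field, e.g. `name: GitLab CE/EE - Project Import Remote Code Execution`, since the old name conveyed the affected feature and the new one only restates the impact.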
@ -69,3 +70,5 @@ requests:
group: 1
regex:
- '(?:application-)(\S{64})(?:\.css)'
# Enhanced by md on 2023/04/07
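Review bot: the trailing `# Enhanced by md on 2023/04/07` line is change history, not template content, and belongs in the commit message rather than at the end of the YAML; please remove it from the file. On the matcher itself, `(?:application-)` and `(?:\.css)` are non-capturing groups around literal text and can be written as plain `application-` and `\.css`, and if the asset fingerprint captured by `group: 1` is always hex, `[0-9a-f]{64}` would be a tighter match than `\S{64}`, which also accepts `-`, `.`, `/` and any other non-whitespace character.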