CVE-2022-0154

7.5 HIGH

📋 TL;DR

GitLab's GitHub project importer could be driven by a Cross-Site Request Forgery (CSRF): a malicious user could have their own GitHub project imported into a victim's GitLab account, on the victim's behalf, without the victim intending it. The only interaction needed is that the victim visits an attacker-controlled page while logged in to GitLab. Every GitLab CE/EE instance running an affected version was exposed.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 7.7 to 14.4.4, 14.5.0 to 14.5.2, 14.6.0 to 14.6.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Self-managed installations and GitLab.com were both affected, because the flaw is in the shared GitLab Rails application code rather than in any deployment-specific component.

📦 What is this software?

GitLab by GitLab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

⚠️ Risk & Real-World Impact

🔴

Worst Case

The attacker chooses which GitHub repository gets imported, so a project containing backdoored code, a malicious .gitlab-ci.yml that will run under the victim's project context as soon as a pipeline is triggered, or planted data can be created in the victim's namespace under the victim's name. Because the project looks like something the victim created, colleagues and downstream automation may trust it, which is how an unwanted import turns into a supply-chain or data-exfiltration vector.

🟠

Likely Case

Attackers lure users into unknowingly importing unwanted or malicious GitHub projects, cluttering namespaces and potentially introducing vulnerable or untrusted code that later gets pulled into real work.

🟢

If Mitigated

Once the patched version enforces the CSRF check (or the GitHub import source is disabled), the forged request is rejected and the residual impact is limited to the nuisance of cleaning up any imports that happened before mitigation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction: the victim must visit an attacker-controlled page while holding a valid GitLab session. The attacker needs nothing more than a GitHub project to import and a way to get the victim to the page, so the attack is straightforward once that precondition is met.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.4.5, 14.5.3, or 14.6.2

Vendor Advisory: https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0154.json

Restart Required: Yes

Instructions:

1. Back up the instance first (GitLab's backup task plus, on Omnibus, the gitlab-secrets.json and gitlab.rb files, which the backup task does not include).
2. Upgrade to the patched release on your current branch: 14.4.x to 14.4.5, 14.5.x to 14.5.3, 14.6.x to 14.6.2. Instances older than 14.4 must follow GitLab's documented upgrade path, including its required intermediate stops, until they reach 14.4.5 or later; do not jump straight to the latest release.
3. Restart GitLab services. Omnibus package upgrades reconfigure and restart services automatically; source and Helm installations need the restart or rollout done explicitly.
4. Verify the running version (see How to Verify below) and, if GitHub import was disabled as a workaround, re-enable it.

🔧 Temporary Workarounds

Disable GitHub Import Feature

Temporarily remove GitHub from the allowed import sources so the vulnerable importer cannot start an import for any user. The same setting is exposed in the Admin Area under Settings > General > Visibility and access controls > Import sources, and as import_sources in the application settings API. Application settings are cached briefly, so allow a short while before confirming the change in the web UI. Re-add 'github' the same way after upgrading.

sudo gitlab-rails runner "ApplicationSetting.current.update(import_sources: ApplicationSetting.current.import_sources - ['github'])"

🧯 If You Can't Patch

  • GitLab's CSRF defence is Rails' per-session authenticity token, which the vulnerable import path did not enforce. That check cannot be added from outside the application, so the effective compensating control is disabling the GitHub import source (above). Reverse-proxy rules on Origin, Referer or Sec-Fetch-Site for /import/github paths are possible but fragile, because the GitHub OAuth callback legitimately arrives cross-site from github.com.
  • Tell users not to follow unsolicited links while logged in to GitLab, and periodically review the project lists of sensitive namespaces for projects nobody remembers creating.

🔍 How to Verify

Check if Vulnerable:

Check the running GitLab version in the Admin Area or on the command line. Any version from 7.7 up to 14.4.4, from 14.5.0 to 14.5.2, or from 14.6.0 to 14.6.1 is vulnerable; the edition suffix (-ce or -ee) does not matter.

Check Version:

sudo gitlab-rake gitlab:env:info | grep -A1 '^GitLab information'

The rake task prints the version on the line after "GitLab information" (as "Version: 14.6.1-ee"), not on a line containing "GitLab version". On Omnibus installs the same string is in /opt/gitlab/embedded/service/gitlab-rails/VERSION.

Verify Fix Applied:

Confirm the version is 14.4.5 or later on the 14.4 branch, 14.5.3 or later on 14.5, or 14.6.2 or later (every subsequent release also contains the fix). If GitHub import was disabled as a workaround, re-enable it and confirm a legitimate import by a test user still works.
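As an added example, not GitLab's own tooling or code from this page, the shell functions below extract the version string from gitlab-rake gitlab:env:info output and classify it against the affected ranges, naming the patched release for that branch (which also answers step 2 of the fix instructions above). The env:info sample is constructed for the example; the one assumption about the real output is that the version appears on the line after "GitLab information" as "Version:<tab>X.Y.Z-ee".

```shell
#!/bin/sh
# Added example (not GitLab's own tooling): classify a GitLab version string
# against the CVE-2022-0154 affected ranges and name the patched release.

# Encode MAJOR.MINOR.PATCH as one integer so plain -lt/-ge comparisons work.
# Assumes each component is below 1000; the "-ce"/"-ee" suffix is dropped.
version_key() {
  v="${1%%-*}"
  set -- $(printf '%s' "$v" | tr '.' ' ')
  echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Prints one of:  "vulnerable <patched-release>" | "fixed" | "unaffected"
# Affected: >=7.7 <14.4.5, >=14.5.0 <14.5.3, >=14.6.0 <14.6.2
cve_2022_0154_status() {
  k=$(version_key "$1")
  if   [ "$k" -ge "$(version_key 14.6.0)" ] && [ "$k" -lt "$(version_key 14.6.2)" ]; then
    echo "vulnerable 14.6.2"
  elif [ "$k" -ge "$(version_key 14.5.0)" ] && [ "$k" -lt "$(version_key 14.5.3)" ]; then
    echo "vulnerable 14.5.3"
  elif [ "$k" -ge "$(version_key 7.7.0)" ]  && [ "$k" -lt "$(version_key 14.4.5)" ]; then
    echo "vulnerable 14.4.5"
  elif [ "$k" -lt "$(version_key 7.7.0)" ]; then
    echo "unaffected"
  else
    echo "fixed"      # 14.4.5-14.4.x, 14.5.3-14.5.x, or 14.6.2 and later
  fi
}

# Pull the version out of `gitlab-rake gitlab:env:info` output: it is the
# second field of the line that follows "GitLab information" (an assumption
# about the output layout, see the lead-in).
gitlab_version_from_env_info() {
  awk '/^GitLab information/ { getline; print $2; exit }'
}

# Constructed sample of env:info output (revision and paths are made up).
SAMPLE_ENV_INFO='System information
System:         Ubuntu 20.04
Current User:   git
Ruby Version:   2.7.5p203

GitLab information
Version:        14.6.1-ee
Revision:       abcdef0
Directory:      /opt/gitlab/embedded/service/gitlab-rails

GitLab Shell
Version:        13.22.2'

main() {
  # On a real host: sudo gitlab-rake gitlab:env:info | gitlab_version_from_env_info
  ver=$(printf '%s\n' "$SAMPLE_ENV_INFO" | gitlab_version_from_env_info)
  echo "GitLab $ver: $(cve_2022_0154_status "$ver")"
}
main "$@"
```

The integer encoding is what makes the range comparison safe in plain sh; comparing "14.10.0" and "14.9.0" as strings would get the order wrong. Note that "fixed" means the patch for this CVE is present, not that the instance is on a supported release.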

📡 Detection & Monitoring

Log Indicators:

  • Requests to Import::GithubController (path /import/github) in production_json.log that the named user did not initiate. A forged import is recorded under the victim's own user_id and username, so it looks like a normal request; the user's confirmation is the only way to tell.
  • Several import creations by one user within a short window, or imports from users or namespaces that never use GitHub import.
  • After patching, ActionController::InvalidAuthenticityToken errors on /import/github paths: the fix rejects forged requests, so these show someone is still attempting the attack.

Network Indicators:

  • The forged request carries the victim's genuine session cookie, so nothing on the wire distinguishes it from a legitimate import; the missing authenticity token is visible only at the application layer, and unpatched versions accept it anyway.
  • Outbound GitHub API traffic from the GitLab server (Sidekiq import workers) at times when no administrator expects imports to be running.

SIEM Query:

Splunk-style search over production_json.log; count import creations per user rather than matching on status alone, since status=200 is what every import, wanted or not, returns:

source="gitlab" controller="Import::GithubController" action="create" | stats count, earliest(_time), latest(_time) by username
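The checks above, as an added example that is neither GitLab's code nor code from this page: a small scanner over GitLab's production_json.log (one JSON object per line) that flags import bursts per user, forged requests rejected after patching, and imports that succeeded although the GitHub import source is supposed to be disabled. Field names follow GitLab's documented production_json.log format (time, method, path, controller, action, status, user_id, username, remote_ip, exception.class); the log lines, addresses and the 422 status on the rejected request are constructed for the example.

```python
"""Added example, not GitLab's or the page's own code: scan GitLab's
production_json.log for CVE-2022-0154 indicators.  Field names follow
GitLab's documented production_json.log format; the sample lines are
constructed."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

IMPORT_CONTROLLER = "Import::GithubController"

# Constructed sample: one normal import by alice, a burst of three imports
# by bob inside 15 seconds, a forged request rejected after patching
# (status code chosen for the example), and one unrelated request.
SAMPLE_LOG = """\
{"time":"2022-01-10T10:00:00.000Z","method":"POST","path":"/import/github","controller":"Import::GithubController","action":"create","status":200,"user_id":7,"username":"alice","remote_ip":"203.0.113.10"}
{"time":"2022-01-10T10:05:00.000Z","method":"POST","path":"/import/github","controller":"Import::GithubController","action":"create","status":200,"user_id":12,"username":"bob","remote_ip":"203.0.113.20"}
{"time":"2022-01-10T10:05:07.000Z","method":"POST","path":"/import/github","controller":"Import::GithubController","action":"create","status":200,"user_id":12,"username":"bob","remote_ip":"203.0.113.20"}
{"time":"2022-01-10T10:05:15.000Z","method":"POST","path":"/import/github","controller":"Import::GithubController","action":"create","status":200,"user_id":12,"username":"bob","remote_ip":"203.0.113.20"}
{"time":"2022-01-10T11:00:00.000Z","method":"POST","path":"/import/github","controller":"Import::GithubController","action":"create","status":422,"user_id":7,"username":"alice","remote_ip":"198.51.100.5","exception.class":"ActionController::InvalidAuthenticityToken","exception.message":"ActionController::InvalidAuthenticityToken"}
{"time":"2022-01-10T11:30:00.000Z","method":"GET","path":"/projects/123","controller":"ProjectsController","action":"show","status":200,"user_id":7,"username":"alice","remote_ip":"203.0.113.10"}
"""


def parse_log(text):
    """Parse JSON-lines log text into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _ts(entry):
    return datetime.strptime(entry["time"], "%Y-%m-%dT%H:%M:%S.%fZ")


def _is_import_create(entry):
    return entry.get("controller") == IMPORT_CONTROLLER and entry.get("action") == "create"


def find_import_bursts(entries, threshold=3, window=timedelta(minutes=5)):
    """Return {username: max successful imports inside any `window`} for users
    who reach `threshold`.  A CSRF-triggered import is logged under the
    victim's own user, so volume and timing are the main log-level signals."""
    by_user = defaultdict(list)
    for e in entries:
        if _is_import_create(e) and e.get("status", 0) < 400:
            by_user[e["username"]].append(_ts(e))
    hits = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[user] = max(hits.get(user, 0), count)
    return hits


def find_rejected_forgeries(entries):
    """Import-controller requests that failed Rails' authenticity-token check.
    These only appear once the patch is in place and show someone is still
    trying the attack; remote_ip is the address that submitted the request."""
    return [e for e in entries
            if e.get("controller") == IMPORT_CONTROLLER
            and e.get("exception.class") == "ActionController::InvalidAuthenticityToken"]


def find_imports_while_disabled(entries, github_import_enabled):
    """With the GitHub import source disabled as a workaround, no import
    request should succeed; any 2xx/3xx hit means the workaround is not in
    effect on the node that served it."""
    if github_import_enabled:
        return []
    return [e for e in entries
            if e.get("controller") == IMPORT_CONTROLLER and e.get("status", 0) < 400]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("import bursts:", find_import_bursts(entries))
    print("rejected forgeries from:", [e["remote_ip"] for e in find_rejected_forgeries(entries)])
    print("successful imports despite disabled source:",
          len(find_imports_while_disabled(entries, github_import_enabled=False)))
```

Run it against a real log with parse_log(open("/var/log/gitlab/gitlab-rails/production_json.log").read()) on an Omnibus host; tune threshold and window to the normal import volume of the instance, since a migration day will legitimately look like a burst.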
