Critical vulnerability in GitLab

The corrective updates 15.3.1, 15.2.3, and 15.1.5 of the GitLab collaborative development platform resolve a critical vulnerability (CVE-2022-2884) that could allow an authenticated user with access to the GitHub import API to remotely execute code on the server. Exploitation details have not yet been disclosed. The vulnerability was identified by a security researcher through HackerOne's vulnerability bounty program.

As a workaround, administrators are advised to disable the GitHub import feature (in the GitLab web interface: "Menu" -> "Admin" -> "Settings" -> "General" -> "Visibility and access controls" -> "Import sources" -> disable "GitHub").
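A defender who manages several GitLab instances will want to verify two things from the item above: whether an instance already runs one of the fixed releases, and, if not, whether the GitHub import source is still enabled. The following script is an added example, not code from GitLab or from the original article. It assumes the GitLab REST API endpoints `GET /api/v4/version` (returning `{"version": "x.y.z"}`) and `GET /api/v4/application/settings` (returning an `import_sources` list), and it assumes that branches older than 15.1 did not receive the fix, since the advisory lists only the three releases above. The assessment logic runs offline against constructed sample responses; the `fetch_json` helper is only needed against a live instance.

```python
"""Exposure check for CVE-2022-2884 (added example; assumptions noted in comments)."""
import json
import urllib.request

# First patched release on each branch named in the advisory.
FIXED_VERSIONS = {
    (15, 3): (15, 3, 1),
    (15, 2): (15, 2, 3),
    (15, 1): (15, 1, 5),
}
NEWEST_FIXED_BRANCH = (15, 3)


def parse_version(version: str) -> tuple:
    """Turn '15.1.5-ee' into (15, 1, 5); the edition suffix is ignored."""
    core = version.split("-")[0]
    return tuple(int(part) for part in core.split(".")[:3])


def is_patched(version: str) -> bool:
    """True if this release already contains the fix for CVE-2022-2884."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_VERSIONS:
        return v >= FIXED_VERSIONS[branch]
    # Branches released after 15.3 ship with the fix; older branches are
    # assumed unpatched because the advisory names no release for them.
    return branch > NEWEST_FIXED_BRANCH


def assess(version_json: str, settings_json: str) -> dict:
    """Combine the version and the import_sources setting into one verdict.

    status is 'patched' (fix present), 'mitigated' (unpatched, but the
    GitHub import source is disabled, i.e. the workaround is applied) or
    'vulnerable' (unpatched and GitHub import still enabled).
    """
    version = json.loads(version_json)["version"]
    sources = json.loads(settings_json).get("import_sources", [])
    patched = is_patched(version)
    github_enabled = "github" in sources
    if patched:
        status = "patched"
    elif github_enabled:
        status = "vulnerable"
    else:
        status = "mitigated"
    return {
        "version": version,
        "patched": patched,
        "github_import_enabled": github_enabled,
        "status": status,
    }


def fetch_json(base_url: str, path: str, token: str) -> str:
    """Read one API endpoint with an admin token (assumed PRIVATE-TOKEN header)."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()


# Constructed sample responses standing in for the two API calls.
SAMPLE_VERSION = '{"version": "15.3.0", "revision": "abc1234"}'
SAMPLE_SETTINGS = '{"import_sources": ["github", "git", "gitlab_project"]}'

if __name__ == "__main__":
    # Against a live instance you would instead call, e.g.:
    #   assess(fetch_json(url, "/api/v4/version", token),
    #          fetch_json(url, "/api/v4/application/settings", token))
    print(json.dumps(assess(SAMPLE_VERSION, SAMPLE_SETTINGS), indent=2))
```

With the constructed sample (15.3.0 with GitHub import enabled) the verdict is `vulnerable`; removing `"github"` from `import_sources` turns it into `mitigated`, and upgrading to 15.3.1 turns it into `patched`, which mirrors the advice in the item: patch first, and disable the import source until you can.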

Source: opennet.ru
