Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110
Vulnerabilities
Page 1 of 44
CVE-2021-22205 | P1 | CRITICAL | CVSS 10.0 | KEV | PoC | Ransomware | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Scope: local
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2023-7028 | P1 | CRITICAL | CVSS 10.0 | KEV | PoC | 2023
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Scope: local
sid: resolved (fixed in gitlab 16.4.5+ds2-1)
CVE-2021-22175 | P1 | MEDIUM | CVSS 6.8 | KEV | PoC | 2021
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled.
Scope: local
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2021-39935 | P1 | MEDIUM | CVSS 6.8 | KEV | PoC | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API.
Scope: local
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2021-4191 | P1 | MEDIUM | CVSS 5.3 | Exploited | PoC | 2021
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.
Scope: local
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2021-22214 | P1 | MEDIUM | CVSS 6.8 | Exploited | PoC | 2021
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
Scope: local
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2022-2992 | P1 | CRITICAL | CVSS 9.9 | PoC | 2022
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Scope: local
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2022-2884 | P1 | CRITICAL | CVSS 9.9 | PoC | 2022
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Scope: local
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2022-3573 | P2 | MEDIUM | CVSS 5.4 | Exploited | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2022-2185 | P2 | CRITICAL | CVSS 9.9 | PoC | 2022
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
Scope: local
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2022-1162 | P2 | CRITICAL | CVSS 9.1 | PoC | 2022
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2, allowing attackers to potentially take over accounts.
Scope: local
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2022-1175 | P3 | HIGH | CVSS 8.7 | PoC | 2022
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
Scope: local
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2018-19571 | P2 | HIGH | CVSS 7.7 | PoC | 2018
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
Scope: local
sid: resolved (fixed in gitlab 11.3.11+dfsg-1)
CVE-2022-0735 | P2 | CRITICAL | CVSS 10.0 | PoC | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
Scope: local
sid: resolved (fixed in gitlab 15.10.8+ds1-2)
CVE-2018-19585 | P2 | HIGH | CVSS 7.5 | PoC | 2018
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
Scope: local
sid: resolved (fixed in gitlab 11.3.11+dfsg-1)
CVE-2016-4340 | P2 | HIGH | CVSS 8.8 | PoC | 2016
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
Scope: local
sid: resolved (fixed in gitlab 8.8.2+dfsg-1)
CVE-2018-14364 | P2 | CRITICAL | CVSS 9.8 | 2018
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
Scope: local
sid: resolved (fixed in gitlab 10.7.7+dfsg-2)
CVE-2020-10977 | P3 | MEDIUM | CVSS 5.5 | PoC | 2020
GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.
Scope: local
sid: resolved (fixed in gitlab 13.2.3-2)
CVE-2020-13340 | P2 | HIGH | CVSS 8.7 | 2020
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log.
Scope: local
sid: resolved (fixed in gitlab 13.3.9-1)
CVE-2020-26413 | P3 | MEDIUM | CVSS 5.3 | PoC | 2020
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
Scope: local
sid: resolved (fixed in gitlab 13.4.7-1)
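The "fixed in" version on each entry above is a Debian package version, not an upstream GitLab version, so the right way to triage this list against a host is Debian's own version ordering (epoch, upstream part, Debian revision, with "~" sorting before anything and "+ds"/"+dfsg" suffixes sorting after the bare version). The following is an added example, not code from this site, from Debian or from GitLab: it re-implements dpkg's version comparison in Python and reports which CVEs from this page are still unfixed for a given installed version of the gitlab package. The FIXED_IN table is transcribed from the sid entries above (page 1 only), and the installed version strings in the demo are constructed, not taken from a real host.

```python
"""Triage the Debian gitlab CVE list against an installed package version.

Added example: re-implements dpkg's version comparison (Debian Policy 5.6.12)
so the check runs without dpkg. FIXED_IN is transcribed from the
"sid: resolved (fixed in ...)" entries on this page and is not complete.
"""
from typing import Dict, List, Tuple

_DIGITS = "0123456789"


def _order(c: str) -> int:
    """Weight of one character in dpkg's non-digit comparison:
    '~' < end-of-string < letters < every other character."""
    if c in _DIGITS:
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    if c:
        return ord(c) + 256
    return 0


def _verrevcmp(a: str, b: str) -> int:
    """Compare two version fragments like dpkg's verrevcmp(): alternate
    non-digit runs (lexical via _order) and digit runs (numeric)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: character-by-character with _order(); '' counts as 0.
        while (i < len(a) and a[i] not in _DIGITS) or (j < len(b) and b[j] not in _DIGITS):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: strip leading zeros; the longer run wins, else the first difference.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and a[i] in _DIGITS and b[j] in _DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in _DIGITS:
            return 1
        if j < len(b) and b[j] in _DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(version: str) -> Tuple[int, str, str]:
    """Split '[epoch:]upstream[-revision]'; a missing revision compares as empty."""
    epoch = 0
    if ":" in version:
        epoch_str, _, version = version.partition(":")
        epoch = int(epoch_str)
    upstream, sep, revision = version.rpartition("-")
    if not sep:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1, matching `dpkg --compare-versions a lt|eq|gt b`."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return -1 if r < 0 else 1
    return 0


# Transcribed from this page's sid "fixed in" versions (page 1 of the list only).
FIXED_IN: Dict[str, str] = {
    "CVE-2021-22205": "15.10.8+ds1-2",
    "CVE-2023-7028": "16.4.5+ds2-1",
    "CVE-2016-4340": "8.8.2+dfsg-1",
    "CVE-2018-14364": "10.7.7+dfsg-2",
    "CVE-2018-19571": "11.3.11+dfsg-1",
    "CVE-2018-19585": "11.3.11+dfsg-1",
    "CVE-2020-10977": "13.2.3-2",
    "CVE-2020-13340": "13.3.9-1",
    "CVE-2020-26413": "13.4.7-1",
}


def unfixed_cves(installed: str, fixed_in: Dict[str, str] = FIXED_IN) -> List[str]:
    """CVEs whose fixing package version is newer than the installed one."""
    return sorted(cve for cve, fixed in fixed_in.items()
                  if compare_versions(installed, fixed) < 0)


if __name__ == "__main__":
    # Constructed installed versions for the demo, not read from a real host.
    for installed in ("13.3.9-1", "16.4.4+ds2-1", "16.4.5+ds2-1"):
        print(installed, "->", unfixed_cves(installed) or "no unfixed CVEs from this page")
```

On a Debian host the same comparison is available from dpkg itself, e.g. `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' gitlab)" lt 16.4.5+ds2-1 && echo unfixed`; the Python version is for running the check off-box over an inventory. Two caveats apply either way: the versions above are for sid, so a stable or backports package (a "~bpo" revision sorts below the plain one, as the ordering rules require) must be compared against the fix version for its own suite, and a version check says nothing about whether an instance has been compromised already, which for the KEV-listed entries (CVE-2021-22205 and CVE-2023-7028 on this page) is the more urgent question.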