cvebase

Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 11 of 44
CVE-2019-10640 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 11.8.6+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.
Scope: local; sid: resolved (fixed in 11.8.6+dfsg-1).
CVE-2019-10113 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 11.8.6+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects//languages requests may allow Uncontrolled Resource Consumption.
Scope: local; sid: resolved (fixed in 11.8.6+dfsg-1).
CVE-2024-4835 | P3 | HIGH | CVSS 8.0 | fixed in gitlab 17.3.5-2 (sid) | 2024
An XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.
Scope: local; sid: resolved (fixed in 17.3.5-2).
CVE-2024-6329 | P3 | MEDIUM | CVSS 5.7 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.
Scope: local; sid: resolved (fixed in 17.3.5-2).
CVE-2020-10087 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2020
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.
Scope: local; sid: resolved (fixed in 12.6.8-3).
CVE-2020-11506 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 13.2.3-2 (sid) | 2020
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.
Scope: local; sid: resolved (fixed in 13.2.3-2).
CVE-2018-17939 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint.
Scope: local; sid: resolved (fixed in 11.1.8+dfsg-2).
CVE-2020-10976 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 13.2.3-2 (sid) | 2020
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.
Scope: local; sid: resolved (fixed in 13.2.3-2).
CVE-2023-3994 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 16.0.8+ds1-1 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint.
Scope: local; sid: resolved.
CVE-2018-15472 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.
Scope: local; sid: resolved (fixed in 11.1.8+dfsg-2).
CVE-2024-9631 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow.
Scope: local; sid: resolved (fixed in 17.3.5-2).
CVE-2022-1174 | P3 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A potential DoS vulnerability was discovered in GitLab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a specially crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc.
Scope: local; sid: resolved.
CVE-2023-0518 | P3 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2022-3759 | P3 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances
CVE-2023-3917 | P3 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
Denial of Service in pipelines affecting all versions of GitLab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to cause pipelines to fail.
Scope: local; sid: resolved (fixed in 16.4.4+ds2-2).
CVE-2024-11828 | P3 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.5.5-1 (sid) | 2024
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch.
Scope: local; sid: resolved (fixed in 17.5.5-1).
CVE-2023-0632 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.
Scope: local; sid: resolved (fixed in 16.4.4+ds2-2).
CVE-2020-13302 | P3 | LOW | CVSS 3.8 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password.
Scope: local; sid: resolved (fixed in 13.2.8-1).
CVE-2018-14603 | P3 | HIGH | CVSS 8.8 | fixed in gitlab 10.8.7+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
Scope: local; sid: resolved (fixed in 10.8.7+dfsg-1).
CVE-2022-4138 | P3 | MEDIUM | CVSS 6.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2).