
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 12 of 44
CVE-2022-4205 | P3 | MEDIUM | CVSS 6.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2018-17451 | P3 | HIGH | CVSS 8.8 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.
Scope: local; sid: resolved (fixed in 11.1.8+dfsg-2)

CVE-2021-22170 | P3 | MEDIUM | CVSS 6.2 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2023-1733 | P3 | MEDIUM | CVSS 5.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2019-15722 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.
Scope: local; sid: resolved (fixed in 12.6.8-3)

CVE-2024-9633 | P3 | LOW | CVSS 3.1 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.
Scope: local; sid: resolve

CVE-2017-0922 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 10.5.5+dfsg-1 (sid) | 2017
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
Scope: local; sid: resolved (fixed in 10.5.5+dfsg-1)

CVE-2022-1944 | P3 | MEDIUM | CVSS 5.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2022-3767 | P3 | HIGH | CVSS 7.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2019-6781 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.
Scope: local; sid: resolved (fixed in 11.5.10+dfsg-1)

CVE-2023-4647 | P3 | MEDIUM | CVSS 5.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.
Scope: local; sid: resolved (fixed in 16.4.4+ds2-2)

CVE-2024-8177 | P3 | MEDIUM | CVSS 5.3 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.
Scope: local; sid: resolved (fixed in 17.5.5-1)

CVE-2022-2931 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2024-8233 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.
Scope: local; sid: resolved (fixed in 17.5.5-1)

CVE-2020-13322 | P3 | HIGH | CVSS 7.2 | fixed in gitlab 13.2.3-2 (sid) | 2020
A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens.
Scope: local; sid: resolved (fixed in 13.2.3-2)

CVE-2021-22234 | P3 | CRITICAL | CVSS 9.6 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2022-3639 | P3 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2020-13315 | P3 | LOW | CVSS 3.7 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service.
Scope: local; sid: resolved (fixed in 13.2.8-1)

CVE-2020-13306 | P3 | LOW | CVSS 3.7 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.
Scope: local; sid: resolved (fixed in 13.2.8-1)

CVE-2022-3067 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID.
Scope: local; sid: resolved (fixed in 15.10.
