
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 14 of 44
CVE-2022-1936 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured. Scope: local. sid: resolved (fixed
debian
CVE-2022-1935 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured. Scope: local. sid: resolved (fixed
debian
CVE-2024-8237 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.5.5-1 (sid) | 2024
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file. Scope: local. sid: resolved (fixed in 17.5.5-1)
debian
CVE-2021-22190 | P3 | HIGH | CVSS 8.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-2181 | P3 | MEDIUM | CVSS 6.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-2497 | P3 | HIGH | CVSS 8.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled serve
debian
CVE-2022-3613 | P3 | MEDIUM | CVSS 5.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2019-15736 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. Scope: local. sid: resolved (fixed in 12.6.8-3)
debian
CVE-2020-10954 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 13.2.3-2 (sid) | 2020
GitLab through 12.9 is affected by a potential DoS in repository archive download. Scope: local. sid: resolved (fixed in 13.2.3-2)
debian
CVE-2017-0925 | P3 | HIGH | CVSS 7.2 | fixed in gitlab 10.5.5+dfsg-1 (sid) | 2017
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. Scope: local. sid: resolved (fixed in 10.5.5+dfsg-1)
debian
CVE-2018-19583 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. Scope: local. sid: resolved (fixed in 11.3.11+dfsg-1)
debian
CVE-2024-5435 | P3 | MEDIUM | CVSS 4.5 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration. Scope: local. sid: resolved (fixed in 17.3.5-2)
debian
CVE-2024-2177 | P3 | MEDIUM | CVSS 6.8 | fixed in gitlab 17.3.5-2 (sid) | 2024
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload. Scope: local. sid: resolved (fixed in 17.3.5-2)
debian
CVE-2019-10115 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 11.8.6+dfsg-1 (sid) | 2019
An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information. Scope: local. sid: resolved (fixed in 11.8.6+dfsg-1)
debian
CVE-2019-6786 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known. Scope: local. sid: resolved (fixed in 11.5.10+dfsg-1)
debian
CVE-2021-39880 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware. Scope: local. sid:
debian
CVE-2020-13346 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 13.2.10-1 (sid) | 2020
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. Scope: local. sid: resolved (fixed in 13.2.10-1)
debian
CVE-2022-0090 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-3900 | P3 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load. Scope: local. sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2022-2592 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potentially leading to Denial of Service. Scope: local si
debian
Debian Gitlab vulnerabilities | cvebase