
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 15 of 44
CVE-2021-22221 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired-password validation in various operations allows a user to maintain limited access after their password has expired.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2023-6682 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.3.5-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS attack on the server.
Scope: local. sid: resolved (fixed in 17.3.5-2).
CVE-2024-2874 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.
Scope: local. sid: resolved (fixed in 17.3.5-2).
CVE-2024-1736 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files.
Scope: local. sid: resolved (fixed in 17.3.5-2).
CVE-2024-12379 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.6.5-1 (sid) | 2024
A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.
Scope: local. sid: resolved (fixed in 17.6.5-1).
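The "unbounded symbol creation" wording in CVE-2024-12379 names a bug class that is easy to reintroduce in any Ruby request handler. The following is an added example written for this page; it is not GitLab's code, and the `ALLOWED_SCOPES` list, the function names and the attacker payload are assumptions made to show the pattern. It shows the vulnerable shape (interning every client string as a Symbol before validating it) beside a hardened shape that only ever returns symbols taken from a fixed allowlist.

```ruby
# Added illustration of the "unbounded symbol creation" class behind
# CVE-2024-12379. This is NOT GitLab's code; the scope list, function names
# and the sample payload below are assumptions made for the example.

# Scopes a hypothetical token API accepts. A real application would load
# these from its token model; this list is constructed for the example.
ALLOWED_SCOPES = %i[api read_api read_repository write_repository].freeze
MAX_SCOPES = 32

class InvalidScope < ArgumentError; end

# Vulnerable shape: every string the client sends is interned as a Symbol
# before anyone checks whether it names a real scope. The client therefore
# controls how many distinct symbols each request creates.
def scopes_unsafe(raw_scopes)
  raw_scopes.map(&:to_sym)
end

# Hardened shape: compare the client's strings against the allowlist while
# they are still strings, then return the allowlist's own symbols. No
# attacker-chosen string is ever interned, and the list size is bounded.
def scopes_safe(raw_scopes, allowed: ALLOWED_SCOPES)
  if raw_scopes.size > MAX_SCOPES
    raise InvalidScope, "too many scopes (#{raw_scopes.size} > #{MAX_SCOPES})"
  end
  by_name = allowed.to_h { |sym| [sym.to_s, sym] }
  raw_scopes.map do |name|
    by_name.fetch(name) { raise InvalidScope, "unknown scope: #{name.inspect[0, 40]}" }
  end.uniq
end

# Constructed attacker payload: n distinct strings nobody has interned before.
def attacker_scopes(n = 10_000)
  Array.new(n) { |i| "scope_#{i}_#{rand(36**8).to_s(36)}" }
end

if __FILE__ == $PROGRAM_NAME
  before = Symbol.all_symbols.size
  scopes_unsafe(attacker_scopes)
  puts "unsafe path: symbol table grew by #{Symbol.all_symbols.size - before}"
  begin
    scopes_safe(attacker_scopes)
  rescue InvalidScope => e
    puts "safe path rejected the request: #{e.message}"
  end
  p scopes_safe(%w[api read_repository api])
end
```

The point to check in review is the order of operations: validation must happen on the string form, and the symbol handed onward must come from the allowlist rather than from `to_sym` on the request. A size cap on the list is a separate, cheap control that bounds the work per request even when every entry is valid.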
CVE-2025-0194 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.5.5-1 (sid) | 2025
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.
Scope: local. sid: resolved (fixed in 17.5.5-1).
CVE-2023-6051 | P3 | MEDIUM | CVSS 5.7 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag.
Scope: local. sid: resolved (fixed in 16.4.4+ds2-2).
CVE-2024-6502 | P3 | MEDIUM | CVSS 5.7 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.
Scope: local. sid: resolved (fixed in 17.3.5-2).
CVE-2019-18455 | P4 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop.
Scope: local. sid: resolved (fixed in 12.6.8-3).
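Deeply nested GraphQL selection sets, as in CVE-2019-18455, are normally contained by a server-side depth limit (graphql-ruby, the library GitLab builds on, exposes this as the `max_depth` schema setting). The example below is added for this page and is not GitLab's code: it is a small, self-contained depth counter that shows what such a limit measures, with an `enforce_max_depth` helper and a constructed attacker query. The counter skips braces inside string literals and `#` comments so that attacker-supplied strings cannot hide or inflate the measured depth; GraphQL block strings (`"""`) are outside its scope.

```ruby
# Added illustration of a GraphQL query-depth limit, the control that
# contains the nested-query problem reported as CVE-2019-18455. This is NOT
# GitLab's or graphql-ruby's code: the counter, the helper names and the
# sample queries are assumptions made for the example.

class QueryTooDeep < StandardError; end

# Returns the maximum nesting depth of selection sets in a query string.
# Braces inside "..." string literals and # comments are ignored. GraphQL
# block strings (""" ... """) are not handled by this small counter.
def query_depth(query)
  depth = max = 0
  in_string = in_comment = false
  i = 0
  while i < query.length
    c = query[i]
    if in_comment
      in_comment = false if c == "\n"
    elsif in_string
      if c == "\\"
        i += 1                      # skip the escaped character
      elsif c == '"'
        in_string = false
      end
    else
      case c
      when '"' then in_string = true
      when '#' then in_comment = true
      when '{'
        depth += 1
        max = depth if depth > max
      when '}'
        depth -= 1
        raise ArgumentError, "unbalanced braces" if depth.negative?
      end
    end
    i += 1
  end
  raise ArgumentError, "unbalanced braces" unless depth.zero?
  max
end

# Rejects a query whose depth exceeds the limit before any resolver runs.
def enforce_max_depth(query, max_depth)
  d = query_depth(query)
  raise QueryTooDeep, "query depth #{d} exceeds limit #{max_depth}" if d > max_depth
  d
end

# Constructed attacker query: each level wraps the previous one in
# group -> projects -> nodes, adding three selection sets per level.
def nested_query(levels)
  inner = "{ id }"
  levels.times { inner = "{ group { projects(first: 1) { nodes #{inner} } } }" }
  "query #{inner}"
end

if __FILE__ == $PROGRAM_NAME
  p query_depth('query { project(fullPath: "g/{p}") { name } }')
  p enforce_max_depth(nested_query(2), 10)
  begin
    enforce_max_depth(nested_query(20), 10)
  rescue QueryTooDeep => e
    puts "rejected: #{e.message}"
  end
end
```

A depth limit is a coarse control; it caps the recursion a single document can force but not the number of fields per level, so in practice it is paired with a complexity or node-count limit.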
CVE-2020-13274 | P4 | HIGH | CVSS 7.5 | fixed in gitlab 13.2.3-2 (sid) | 2020
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1.
Scope: local. sid: resolved (fixed in 13.2.3-2).
CVE-2020-10089 | P4 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2020
GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other.
Scope: local. sid: resolved (fixed in 12.6.8-3).
CVE-2021-22171 | P4 | HIGH | CVSS 7.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2019-16170 | P4 | HIGH | CVSS 7.1 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.
Scope: local. sid: resolved (fixed in 12.6.8-3).
CVE-2023-3401 | P3 | MEDIUM | CVSS 4.8 | fixed in gitlab 16.0.8+ds1-1 (sid) | 2023
An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code.
Scope: local. sid: resolved (fixed in 16.0.8+ds1-1).
CVE-2023-2232 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix.
Scope: local. sid: resolved (fixed in 16.4.4+ds2-2).
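Two entries on this page (CVE-2023-6682 for Discord chat messages and CVE-2023-2232 for the Jira prefix) are regular-expression denial of service. The example below is added for this page and is not GitLab's code: the field being validated, both patterns and every input are assumptions chosen to show the class. It puts a backtracking-prone pattern (a repeated group whose inner quantifier overlaps the next iteration) beside an unambiguous rewrite of the same language, adds the input-length cap that should precede any regex on user data, and enables `Regexp.timeout` as a process-wide backstop where the interpreter supports it. Note that Ruby 3.2 introduced both `Regexp.timeout` and a memoization optimization that makes many such patterns linear; on older interpreters the vulnerable pattern below is exponential in the length of the input, which is why the demo keeps its adversarial input short.

```ruby
# Added illustration of the ReDoS class behind CVE-2023-6682 and
# CVE-2023-2232. This is NOT GitLab's code: the validated field, both
# patterns and all inputs are assumptions made for the example.

# Vulnerable shape: the inner [a-z0-9_]+ and the outer (...)+ can both claim
# the same characters, so on a run of letters followed by a character the
# pattern rejects ("!"), a backtracking engine tries every way of splitting
# the run between iterations before failing.
VULNERABLE_PREFIX_RE = /\A([a-z0-9_]+[-.]?)+\z/

# Hardened shape: the same language with exactly one way to match any
# input. A separator may only stand between two maximal tokens (or once
# at the very end), so there is nothing left to backtrack over.
SAFE_PREFIX_RE = /\A[a-z0-9_]+(?:[-.][a-z0-9_]+)*[-.]?\z/

MAX_PREFIX_LEN = 64
class PrefixError < ArgumentError; end

# Process-wide backstop: abort any single match that runs longer than this.
# Present on Ruby >= 3.2 (raises Regexp::TimeoutError); skipped on older
# interpreters, where the pattern rewrite and the length cap do all the work.
Regexp.timeout = 1.0 if Regexp.respond_to?(:timeout=)

def validate_prefix(value, pattern: SAFE_PREFIX_RE, max_len: MAX_PREFIX_LEN)
  # Cap length before matching: even a linear pattern should not be handed
  # megabytes of attacker-controlled input.
  if value.length > max_len
    raise PrefixError, "prefix too long (#{value.length} > #{max_len})"
  end
  raise PrefixError, "prefix contains invalid characters" unless pattern.match?(value)
  value
end

# Constructed adversarial input: n valid characters followed by one the
# pattern rejects, which is what forces the vulnerable pattern to backtrack.
def attack_input(n)
  ("a" * n) + "!"
end

if __FILE__ == $PROGRAM_NAME
  require "benchmark"
  input = attack_input(18) # short enough to finish even on an exponential engine
  t_vuln = Benchmark.realtime { VULNERABLE_PREFIX_RE.match?(input) }
  t_safe = Benchmark.realtime { SAFE_PREFIX_RE.match?(input) }
  printf("vulnerable: %.4fs  safe: %.6fs\n", t_vuln, t_safe)
  p validate_prefix("gitlab-ci.prefix_1")
end
```

When reviewing a fix for this class, check two things: that the rewritten pattern accepts exactly the same strings as the original (the test below compares both on a set of benign inputs), and that the length cap sits in front of the match rather than behind it.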
CVE-2019-6787 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users.
Scope: local. sid: resolved (fixed in 11.5.10+dfsg-1).
CVE-2021-39903 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2022-1406 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2020-13324 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 13.2.3-2 (sid) | 2020
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API.
Scope: local. sid: resolved (fixed in 13.2.3-2).
CVE-2024-12570 | P4 | MEDIUM | CVSS 6.7 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim.
Scope: local. sid: resolved (fixed in 17.5.5-1).