
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 16 of 44
CVE-2022-0549 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022 | debian
An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, the GitLab REST API may allow unprivileged users to add other users to groups even when that is not possible through the Web UI.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2019-5469 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 12.6.8-3 (sid) | 2019 | debian
An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from a project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets.
Scope: local. sid: resolved (fixed in 12.6.8-3).
CVE-2023-6688 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.3.5-2 (sid) | 2023 | debian
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for the Google Chat Messages integration may lead to a regular expression DoS attack on the server.
Scope: local. sid: resolved (fixed in 17.3.5-2).
CVE-2022-2512 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022 | debian
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODOs for confidential notes, allowing former project members to read updates via TODOs.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2024-1066 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 16.6.7-1 (sid) | 2024 | debian
An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to cause resource exhaustion via the GraphQL `vulnerabilitiesCountByDay` field.
Scope: local. sid: resolved (fixed in 16.6.7-1).
CVE-2024-1963 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.3.5-2 (sid) | 2024 | debian
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests.
Scope: local. sid: resolved (fixed in 17.3.5-2).
CVE-2020-13293 | P4 | MEDIUM | CVSS 6.3 | fixed in gitlab 13.2.3-2 (sid) | 2020 | debian
In GitLab before 13.0.12, 13.1.6 and 13.2.3, using a branch with a hexadecimal name could override an existing hash.
Scope: local. sid: resolved (fixed in 13.2.3-2).
CVE-2024-1493 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.3.5-2 (sid) | 2024 | debian
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where the processing logic for generating links in dependency files can lead to a regular expression DoS attack on the server.
Scope: local. sid: resolved (fixed in 17.3.5-2).
CVE-2022-0123 | P4 | MEDIUM | CVSS 5.9 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022 | debian
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some external CI services, which makes it possible to perform MitM attacks on connections to these external services.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2021-22263 | P4 | MEDIUM | CVSS 5.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021 | debian
An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted the 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'I
CVE-2021-22246 | P4 | HIGH | CVSS 7.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021 | debian
A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. The GitLab Webhook feature could be abused to perform denial of service attacks.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2021-39893 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021 | debian
A potential DoS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2024-9623 | P4 | MEDIUM | CVSS 4.9 | fixed in gitlab 17.3.5-2 (sid) | 2024 | debian
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository.
Scope: local. sid: resolved (fixed in 17.3.5-2).
CVE-2021-39933 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021 | debian
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc.) was susceptible to catastrophic backtracking that could cause a DoS attack.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2020-26409 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.4.7-1 (sid) | 2020 | debian
A DoS vulnerability exists in GitLab CE/EE >=10.3 <13.4.7, >=13.5 <13.5.5, and >=13.6 <13.6.2 that allows an attacker to trigger uncontrolled resource consumption by bypassing input validation in markdown fields.
Scope: local. sid: resolved (fixed in 13.4.7-1).
CVE-2021-22264 | P4 | MEDIUM | CVSS 6.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021 | debian
An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after the invited group, which the member was part of, is deleted.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2021-22213 | P4 | HIGH | CVSS 8.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021 | debian
A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2019-15737 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 12.6.8-3 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.
Scope: local. sid: resolved (fixed in 12.6.8-3).
CVE-2019-11549 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 11.8.9+dfsg-1 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has an information disclosure issue where HTTP/Git credentials are included in logs on connection errors.
Scope: local. sid: resolved (fixed in 11.8.9+dfsg-1).
CVE-2024-4539 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.3.5-2 (sid) | 2024 | debian
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branches and tags could lead to Denial of Service.
Scope: local. sid: resolved (fixed in 17.3.5-2).
Debian Gitlab vulnerabilities | cvebase