Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110
Vulnerabilities
Page 18 of 44
CVE-2022-0172 (P4, MEDIUM, CVSS 5.3): fixed in gitlab 15.10.8+ds1-2 (sid), 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL, allowing unauthorised users to read titles of issues, merge requests and milestones.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2022-1120 (P4, MEDIUM, CVSS 4.8): fixed in gitlab 15.10.8+ds1-2 (sid), 2022
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2024-7060 (P4, LOW, CVSS 2.6): fixed in gitlab 17.3.5-2 (sid), 2024
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export.
Scope: local
sid: resolved (fixed in 17.3.5-2)
CVE-2020-13325 (P4, HIGH, CVSS 7.1): fixed in gitlab 13.2.3-2 (sid), 2020
A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service.
Scope: local
sid: resolved (fixed in 13.2.3-2)
CVE-2020-26414 (P4, MEDIUM, CVSS 4.3): fixed in gitlab 15.10.8+ds1-2 (sid), 2020
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39940 (P4, MEDIUM, CVSS 4.3): fixed in gitlab 15.10.8+ds1-2 (sid), 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. The GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.
Scope: local
sid: resolved (fixed in 15.1
CVE-2021-22217 (P4, MEDIUM, CVSS 6.5): fixed in gitlab 15.10.8+ds1-2 (sid), 2021
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39917 (P4, MEDIUM, CVSS 4.3): fixed in gitlab 15.10.8+ds1-2 (sid), 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. A regular expression related to the quick actions feature was susceptible to catastrophic backtracking that could cause a DoS attack.
Scope: local
sid: resolved (fixed in 15.
CVE-2020-13310 (P4, MEDIUM, CVSS 6.5): fixed in gitlab 13.2.8-1 (sid), 2020
A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.
Scope: local
sid: resolved (fixed in 13.2.8-1)
CVE-2018-8801 (P4, MEDIUM, CVSS 6.5): fixed in gitlab 10.5.6+dfsg-1 (sid), 2018
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
Scope: local
sid: resolved (fixed in 10.5.6+dfsg-1)
CVE-2020-13281 (P4, MEDIUM, CVSS 6.5): fixed in gitlab 13.2.3-2 (sid), 2020
For GitLab before 13.0.12, 13.1.6 and 13.2.3, a denial of service exists in the project import feature.
Scope: local
sid: resolved (fixed in 13.2.3-2)
CVE-2022-1185 (P4, MEDIUM, CVSS 6.5): fixed in gitlab 15.10.8+ds1-2 (sid), 2022
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2019-9866 (P4, MEDIUM, CVSS 6.5): fixed in gitlab 11.8.3-1 (sid), 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure.
Scope: local
sid: resolved (fixed in 11.8.3-1)
CVE-2018-18640 (P4, MEDIUM, CVSS 6.5): fixed in gitlab 11.2.8+dfsg-2 (sid), 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.
Scope: local
sid: resolved (fixed in 11.2.8+dfsg-2)
CVE-2018-16051 (P4, MEDIUM, CVSS 6.5): fixed in gitlab 11.1.8+dfsg-2 (sid), 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.
Scope: local
sid: resolved (fixed in 11.1.8+dfsg-2)
CVE-2020-13284 (P4, MEDIUM, CVSS 6.5): fixed in gitlab 13.2.8-1 (sid), 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4: API Authorization Using Outdated CI Job Token.
Scope: local
sid: resolved (fixed in 13.2.8-1)
CVE-2023-6840 (P4, MEDIUM, CVSS 6.7): fixed in gitlab 16.6.7-1 (sid), 2023
An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch, bypassing the security policy added to block MRs.
Scope: local
sid: resolved (fixed in 16.6.7-1)
CVE-2018-19495 (P4, MEDIUM, CVSS 6.5): fixed in gitlab 11.3.11+dfsg-1 (sid), 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration.
Scope: local
sid: resolved (fixed in 11.3.11+dfsg-1)
CVE-2024-3114 (P4, MEDIUM, CVSS 4.3): fixed in gitlab 17.3.5-2 (sid), 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, where the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.
Scope: local
sid: resolved (fixed in 17.3.5-2)
CVE-2019-13009 (P4, MEDIUM, CVSS 6.5): fixed in gitlab 12.6.8-3 (sid), 2019
An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 12.6.8-3)