Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110
Vulnerabilities
Page 19 of 44
CVE-2019-6995 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues.
Scope: local
sid: resolved (fixed in 11.5.10+dfsg-1)
debian
CVE-2017-0927 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 10.5.5+dfsg-1 (sid) | 2017
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.
Scope: local
sid: resolved (fixed in 10.5.5+dfsg-1)
debian
CVE-2020-11649 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 13.2.3-2 (sid) | 2020
An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.
Scope: local
sid: resolved (fixed in 13.2.3-2)
debian
CVE-2023-3205 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2023-3210 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2023-5825 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of
debian
CVE-2017-0882 | P4 | MEDIUM | CVSS 6.3 | fixed in gitlab 8.13.11+dfsg-7 (sid) | 2017
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
Scope: local
sid: resolved (fixed in 8.13.11+dfsg-7)
debian
CVE-2024-6826 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.5.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a maliciously crafted XML manifest file.
Scope: local
sid: resolved (fixed in 17.5.5-2)
debian
CVE-2025-1072 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.5.5-1 (sid) | 2025
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer.
Scope: local
sid: resolved (fixed in 17.5.5-1)
debian
CVE-2024-8041 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.3.5-2 (sid) | 2024
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer.
Scope: local
sid: resolved (fixed in 17.3.5-2)
debian
CVE-2018-20501 | P4 | MEDIUM | CVSS 6.3 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 11.5.6+dfsg-1)
debian
CVE-2020-10086 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2020
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2022-3279 | P4 | LOW | CVSS 2.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2024-3958 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
Scope: local
sid: resolved (fixed in 17.3.5-2)
debian
CVE-2022-4206 | P4 | MEDIUM | CVSS 5.0 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2019-15584 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 12.6.8-3 (sid) | 2019
A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields and take down the affected page.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2018-17976 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions.
Scope: local
sid: resolved (fixed in 11.1.8+dfsg-2)
debian
CVE-2023-3909 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string to the timeout input in the gitlab-ci.yml file.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2023-6678 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.3.5-2 (sid) | 2023
An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using maliciously crafted content in a JUnit test report file.
Scope: local
sid: resolved (fixed in 17.3.5-2)
debian
CVE-2023-6502 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.3.5-2 (sid) | 2023
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page.
Scope: local
sid: resolved (fixed in 17.3.5-2)
debian