
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7

Severity breakdown:
CRITICAL: 43
HIGH: 158
MEDIUM: 552
LOW: 110

Vulnerabilities

Page 20 of 44
CVE-2020-13297 | P4 | LOW | CVSS 3.8 | fixed in gitlab 13.2.8-1 (sid) | 2020
gitlab - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint.
Scope: local. sid: resolved (fixed in 13.2.8-1)
debian
CVE-2022-2907 | P4 | MEDIUM | CVSS 5.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39938 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab - A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22181 | P4 | HIGH | CVSS 7.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab - A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39942 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab - A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service.
Scope: local. sid: resolved (fixed in 15.1
debian
CVE-2024-2818 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.3.5-2 (sid) | 2024
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using a maliciously crafted description parameter for labels.
Scope: local. sid: resolved (fixed in 17.3.5-2)
debian
CVE-2019-6785 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
gitlab - An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.
Scope: local. sid: resolved (fixed in 11.5.10+dfsg-1)
debian
CVE-2021-39869 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab - In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2020-13280 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 13.2.3-2 (sid) | 2020
gitlab - For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.
Scope: local. sid: resolved (fixed in 13.2.3-2)
debian
CVE-2021-22216 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab - A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2024-7610 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.3.5-2 (sid) | 2024
gitlab - A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.
Scope: local. sid: resolved (fixed in 17.3.5-2)
debian
CVE-2021-22226 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab - Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2020-13329 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 13.2.3-2 (sid) | 2020
gitlab - An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS in the blob view feature.
Scope: local. sid: resolved (fixed in 13.2.3-2)
debian
CVE-2024-4210 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.3.5-2 (sid) | 2024
gitlab - A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files.
Scope: local. sid: resolved (fixed in 17.3.5-2)
debian
CVE-2019-9172 | P4 | MEDIUM | CVSS 5.9 | fixed in gitlab 11.8.2-2 (sid) | 2019
gitlab - An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5).
Scope: local. sid: resolved (fixed in 11.8.2-2)
debian
CVE-2018-19572 | P4 | MEDIUM | CVSS 5.9 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
gitlab - GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.
Scope: local. sid: resolved (fixed in 11.3.11+dfsg-1)
debian
CVE-2018-19577 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
gitlab - Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.
Scope: local. sid: resolved (fixed in 11.3.11+dfsg-1)
debian
CVE-2019-10109 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.8.6+dfsg-1 (sid) | 2019
gitlab - An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if pre
debian
CVE-2023-1178 | P4 | MEDIUM | CVSS 5.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.
Scope: local. sid: resolved
debian
CVE-2019-15726 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
gitlab - An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.
Scope: local. sid: resolved (fixed in 12.6.8-3)
debian