
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7

Severity breakdown:
CRITICAL: 43
HIGH: 158
MEDIUM: 552
LOW: 110

Vulnerabilities

Page 21 of 44
CVE-2022-1352 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members. Scope: local sid: re

CVE-2022-3483 | P4 | MEDIUM | CVSS 5.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker contro

CVE-2021-39915 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects. Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2024-1525 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with

CVE-2020-13298 | P4 | HIGH | CVSS 7.2 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure. Scope: local sid: resolved (fixed in 13.2.8-1)

CVE-2021-22224 | P4 | HIGH | CVSS 7.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim. Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2019-15593 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 12.6.8-3 (sid) | 2019
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments. Scope: local sid: resolved (fixed in 12.6.8-3)

CVE-2021-22168 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8. Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2021-39913 | P4 | MEDIUM | CVSS 4.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges. Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2020-10952 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 13.2.3-2 (sid) | 2020
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. Scope: local sid: resolved (fixed in 13.2.3-2)

CVE-2024-13041 | P4 | MEDIUM | CVSS 4.2 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving thos

CVE-2023-5933 | P4 | MEDIUM | CVSS 6.4 | fixed in gitlab 16.6.6-1 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests. Scope: local sid: resolved (fixed in 16.6.6-1)

CVE-2024-2279 | P4 | HIGH | CVSS 8.7 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. Scope: loca

CVE-2024-3092 | P4 | HIGH | CVSS 8.7 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims. Scope: local sid: resolved (fixed in 17.3.5-2)

CVE-2023-6371 | P4 | HIGH | CVSS 8.7 | fixed in gitlab 17.3.5-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. Scope: local sid: resolved (fixed in 17.3.5-2)

CVE-2023-0042 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols. Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2024-8648 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL. Scope: local sid: resolved (fixed in 17.5.5-1)

CVE-2019-14942 | P4 | MEDIUM | CVSS 5.9 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP. Scope: local sid: resolved (fixed in 12.6.8-3)

CVE-2024-5528 | P4 | LOW | CVSS 3.5 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages. Scope: local sid: resolved (fixed in 17.3.5-2)

CVE-2022-1963 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users. Scope: local sid: resolved (fixed in 15.10.8+d