
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 22 of 44
CVE-2024-6530 | P4 | HIGH | CVSS 7.3 | 2024 | fixed in gitlab 17.3.5-2 (sid)
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When authorizing an application, it can be made to render as HTML under specific circumstances.
Scope: local; sid: resolved (fixed in 17.3.5-2)
CVE-2024-2191 | P4 | MEDIUM | CVSS 5.3 | 2024 | fixed in gitlab 17.3.5-2 (sid)
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a merge request title to be visible publicly despite being set to project members only.
Scope: local; sid: resolved (fixed in 17.3.5-2)
CVE-2022-2250 | P4 | MEDIUM | CVSS 4.7 | 2022 | fixed in gitlab 15.10.8+ds1-2 (sid)
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2023-5512 | P4 | MEDIUM | CVSS 4.8 | 2023 | fixed in gitlab 16.4.4+ds2-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, and all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect representation in the UI.
Scope: local; sid: resolved (fixed in 16.4.4+ds2-2)
CVE-2022-3572 | P4 | CRITICAL | CVSS 9.3 | 2022 | fixed in gitlab 15.10.8+ds1-2 (sid)
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2023-2015 | P4 | MEDIUM | CVSS 4.4 | 2023 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, and all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports, which allows attackers to perform arbitrary actions on behalf of victims.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2024-1347 | P4 | MEDIUM | CVSS 4.3 | 2024 | fixed in gitlab 17.3.5-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, and all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker using a crafted email address may be able to bypass domain-based restrictions on an instance or a group.
Scope: local; sid: resolved (fixed in 17.3.5-2)
CVE-2023-0989 | P4 | MEDIUM | CVSS 4.3 | 2023 | fixed in gitlab 16.4.4+ds2-2 (sid)
An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration.
Scope: local; sid: resolved (fixed in 16.4.4+ds2-2)
CVE-2023-6955 | P4 | MEDIUM | CVSS 6.6 | 2023 | fixed in gitlab 16.6.5-3 (sid)
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
Scope: local; sid: resolved (fixed in 16.6.5-3)
CVE-2019-9176 | P4 | MEDIUM | CVSS 6.5 | 2019 | fixed in gitlab 11.8.2-2 (sid)
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.
Scope: local; sid: resolved (fixed in 11.8.2-2)
CVE-2020-13271 | P4 | MEDIUM | CVSS 6.1 | 2020 | fixed in gitlab 13.2.3-2 (sid)
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1.
Scope: local; sid: resolved (fixed in 13.2.3-2)
CVE-2022-4143 | P4 | MEDIUM | CVSS 6.4 | 2022 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows crafted, unapproved MRs to be introduced and merged without authorization.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2024-11931 | P4 | MEDIUM | CVSS 6.4 | 2024 | fixed in gitlab 17.6.5-1 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with the developer role to exfiltrate protected CI variables via CI lint.
Scope: local; sid: resolved (fixed in 17.6.5-1)
CVE-2025-0376 | P4 | HIGH | CVSS 8.7 | 2025 | fixed in gitlab 17.6.5-1 (sid)
An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.
Scope: local; sid: resolved (fixed in 17.6.5-1)
CVE-2022-3513 | P4 | MEDIUM | CVSS 6.1 | 2022 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances ru
CVE-2019-5463 | P4 | MEDIUM | CVSS 5.3 | 2019 | fixed in gitlab 12.6.8-3 (sid)
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
Scope: local; sid: resolved (fixed in 12.6.8-3)
CVE-2019-9225 | P4 | MEDIUM | CVSS 5.3 | 2019 | fixed in gitlab 11.8.2-2 (sid)
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).
Scope: local; sid: resolved (fixed in 11.8.2-2)
CVE-2020-13339 | P4 | MEDIUM | CVSS 5.5 | 2020 | fixed in gitlab 13.2.10-1 (sid)
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.
Scope: local; sid: resolved (fixed in 13.2.10-1)
CVE-2021-39866 | P4 | MEDIUM | CVSS 5.4 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2022-3482 | P4 | MEDIUM | CVSS 5.3 | 2022 | fixed in gitlab 15.10.8+ds1-2 (sid)
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
Debian Gitlab vulnerabilities | cvebase