
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 23 of 44
CVE-2020-13331 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 13.2.3-2 (sid) | 2020
gitlab - An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Wiki pages. Scope: local. sid: resolved (fixed in 13.2.3-2)
debian
CVE-2020-10079 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2020
gitlab - GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. Scope: local. sid: resolved (fixed in 12.6.8-3)
debian
CVE-2021-39894 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab - In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in the Fogbugz importer, which attackers may use to perform Server Side Request Forgery (SSRF) attacks. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-3870 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private instances that restrict public level visibility. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2019-11546 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.8.9+dfsg-1 (sid) | 2019
gitlab - An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge. Scope: local. sid: resolved (fixed in 11.8.9+dfsg-1)
debian
CVE-2023-3922 | P4 | LOW | CVSS 3.0 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
gitlab - An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page. Scope: local. sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2023-3949 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
gitlab - An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public project's release descriptions via an atom endpoint when release access on the public project was set to only project members. Scope: local. sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2023-7045 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 17.3.5-2 (sid) | 2023
gitlab - A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS). Scope: local. sid: resolved (fixed in 17.3.5-2)
debian
CVE-2024-7047 | P4 | HIGH | CVSS 7.7 | fixed in gitlab 17.3.5-2 (sid) | 2024
gitlab - A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1, allowing an attacker to execute arbitrary scripts in the context of the currently logged-in user. Scope: local. sid: resolved (fixed in 17.3.5-2)
debian
CVE-2022-2904 | P4 | HIGH | CVSS 7.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
gitlab - A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrar
debian
CVE-2022-1431 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
gitlab - An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPI API endpoint, allowing the attacker to cause uncontrolled resource consumption. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2020-13294 | P4 | MEDIUM | CVSS 4.2 | fixed in gitlab 13.2.3-2 (sid) | 2020
gitlab - In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. Scope: local. sid: resolved (fixed in 13.2.3-2)
debian
CVE-2022-3381 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
gitlab - An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-3793 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
gitlab - An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-3740 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass the External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2024-4784 | P4 | MEDIUM | CVSS 4.2 | fixed in gitlab 17.3.5-2 (sid) | 2024
gitlab - An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy. Scope: local. sid: resolved (fixed in 17.3.5-2)
debian
CVE-2022-1433 | P4 | HIGH | CVSS 8.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
gitlab - An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-6033 | P4 | HIGH | CVSS 8.7 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
gitlab - Improper neutralization of input in the Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in the victim's browser. Scope: local. sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2024-8312 | P4 | HIGH | CVSS 8.7 | fixed in gitlab 17.5.5-2 (sid) | 2024
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS. Scope: local. sid: resolved (fixed in 17.5.5-2)
debian
CVE-2021-22223 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab - Client-side code injection through a Feature Flag name in GitLab CE/EE starting with 11.9: a specially crafted feature flag name could issue PUT requests on behalf of other users when they clicked a link. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2)
debian
Debian Gitlab vulnerabilities | cvebase