Debian GitLab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110
Vulnerabilities
Page 24 of 44
CVE-2025-0314  P4  HIGH  CVSS 8.7  fixed in gitlab 17.6.5-1 (sid)  2025
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting.
Scope: local
sid: resolved (fixed in 17.6.5-1)
Source: debian
CVE-2023-3509  P4  LOW  CVSS 3.7  fixed in gitlab 16.8.3-1 (sid)  2023
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated with projects in the group.
Scope: local
sid: resolved (fixed in 16.8.3-1)
Source: debian
CVE-2022-3280  P4  LOW  CVSS 3.5  fixed in gitlab 15.10.8+ds1-2 (sid)  2022
An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
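The open redirect above is the classic pattern: a "return to" parameter is trusted as a redirect target. The following added example (not GitLab's code) shows a redirect-target validator of the kind that closes this class of bug, including the parser-disagreement cases (`//host`, `///host`, backslashes, control characters) that naive "starts with /" checks miss. The application hostname `gitlab.example.com` is an assumption for illustration.

```python
"""Same-origin redirect target validation.

Added example, not GitLab code. app_host is the hostname this
application serves; "gitlab.example.com" below is assumed."""

from urllib.parse import urlsplit


def is_safe_redirect(target: str, app_host: str) -> bool:
    """Return True only if `target` can be followed without leaving app_host."""
    if not target:
        return False
    # Browsers strip some control characters and whitespace before
    # parsing, so "/\t/evil.example" can become "//evil.example".
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    # Browsers treat "\" as "/", so "/\evil.example" is protocol-relative.
    if "\\" in target:
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only our own https origin.
        # Comparing the whole netloc rejects "app@evil.example" and
        # "app.evil.example" tricks; a port would need to be listed too.
        return parts.scheme == "https" and parts.netloc.lower() == app_host.lower()
    # Relative target: must be a rooted path. urlsplit reports no netloc
    # for "///evil.example", but browsers collapse the slashes and go
    # to evil.example, so anything starting with "//" is rejected here.
    return target.startswith("/") and not target.startswith("//")


APP_HOST = "gitlab.example.com"   # assumed application hostname


def safe_redirect_or_default(target: str, default: str = "/") -> str:
    """Pick the redirect location a login handler should use."""
    return target if is_safe_redirect(target, APP_HOST) else default


if __name__ == "__main__":
    for t in ("/dashboard/projects", "//evil.example/", "///evil.example/",
              "/\\evil.example", "https://gitlab.example.com/groups",
              "https://gitlab.example.com@evil.example/", "javascript:alert(1)"):
        print(repr(t), "->", safe_redirect_or_default(t))
```

The allow-list approach (same-origin or rooted path, everything else replaced by a default) is deliberately stricter than trying to enumerate bad prefixes; the second open-redirect entry on this page (CVE-2023-0155, framing via user-controlled markdown) is a reminder that the redirect can also originate from rendered content, where the same rule applies to the URL being framed.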
CVE-2019-9178  P4  MEDIUM  CVSS 5.3  fixed in gitlab 11.8.2-2 (sid)  2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5).
Scope: local
sid: resolved (fixed in 11.8.2-2)
Source: debian
CVE-2019-15727  P4  MEDIUM  CVSS 5.3  fixed in gitlab 12.6.8-3 (sid)  2019
An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users.
Scope: local
sid: resolved (fixed in 12.6.8-3)
Source: debian
CVE-2019-9224  P4  MEDIUM  CVSS 5.3  fixed in gitlab 11.8.2-2 (sid)  2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).
Scope: local
sid: resolved (fixed in 11.8.2-2)
Source: debian
CVE-2019-9170  P4  MEDIUM  CVSS 5.3  fixed in gitlab 11.8.2-2 (sid)  2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 11.8.2-2)
Source: debian
CVE-2022-4054  P4  MEDIUM  CVSS 5.5  fixed in gitlab 15.10.8+ds1-2 (sid)  2022
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2021-22179  P4  MEDIUM  CVSS 5.4  fixed in gitlab 15.10.8+ds1-2 (sid)  2021
A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
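Server-side request forgery through outbound-request features (webhooks, integrations) is about where a user-supplied URL is allowed to point. The following added example (not GitLab's code) shows the destination check such a feature needs: parse the host, resolve it, and refuse loopback, RFC 1918, link-local (including the 169.254.169.254 cloud metadata endpoint), IPv4-mapped IPv6 and other non-global addresses. The resolver is injectable; the DNS table in `SAMPLE_DNS` is constructed so the example runs offline.

```python
"""Destination check for user-supplied outbound request URLs.

Added example, not GitLab code. SAMPLE_DNS is a constructed resolver
table so the example runs without network access."""

import ipaddress
import socket
from urllib.parse import urlsplit


def resolve_all(host: str) -> set:
    """Every address the system resolver returns for host (A and AAAA).
    On glibc, getaddrinfo also canonicalises odd literals such as
    "2130706433" or "0x7f000001" to 127.0.0.1, so they are caught too."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_internal_address(ip_text: str) -> bool:
    """True for loopback, private, link-local, multicast, reserved or
    unspecified addresses, after unwrapping IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # ::ffff:127.0.0.1 is still loopback
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def outbound_url_allowed(url: str, resolve=resolve_all) -> bool:
    """Decide whether a webhook/integration URL may be fetched."""
    parts = urlsplit(url)
    host = parts.hostname             # strips brackets, userinfo and port
    if parts.scheme not in ("http", "https") or not host:
        return False
    try:
        ipaddress.ip_address(host)
        addresses = {host}            # literal IP, no lookup needed
    except ValueError:
        try:
            addresses = resolve(host)
        except (socket.gaierror, OSError):
            return False              # unresolvable: fail closed
    if not addresses:
        return False
    # A name that resolves to any internal address is rejected, not
    # just one whose first answer is internal.
    return not any(is_internal_address(a) for a in addresses)


# Constructed DNS table for offline use; not real hosts.
SAMPLE_DNS = {
    "hooks.example.org": {"93.184.216.34"},
    "localhost": {"127.0.0.1"},
    "intranet.corp": {"10.0.0.5", "93.184.216.34"},
}


def sample_resolve(host: str) -> set:
    """Resolver backed by SAMPLE_DNS; raises like getaddrinfo on a miss."""
    if host not in SAMPLE_DNS:
        raise socket.gaierror("constructed resolver: unknown host " + host)
    return SAMPLE_DNS[host]


if __name__ == "__main__":
    for u in ("https://hooks.example.org/gitlab", "http://localhost:8080/",
              "http://intranet.corp/", "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:127.0.0.1]/", "http://user@10.0.0.5/"):
        print(u, "->", outbound_url_allowed(u, sample_resolve))
```

Two caveats a practitioner needs: the name must be resolved once and the resulting address pinned for the actual connection, otherwise a short-TTL record can answer a public address during validation and an internal one at connect time (DNS rebinding); and HTTP redirects returned by the remote end must be run through the same check before being followed, or the allow decision is only as good as the first hop.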
CVE-2021-39875  P4  MEDIUM  CVSS 5.3  fixed in gitlab 15.10.8+ds1-2 (sid)  2021
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2022-1999  P4  LOW  CVSS 3.1  fixed in gitlab 15.10.8+ds1-2 (sid)  2022
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change label descriptions.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2021-22250  P4  MEDIUM  CVSS 5.4  fixed in gitlab 15.10.8+ds1-2 (sid)  2021
Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2023-0155  P4  MEDIUM  CVSS 5.4  fixed in gitlab 15.10.8+ds1-2 (sid)  2023
An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects were possible due to framing arbitrary content on any page allowing user-controlled markdown.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2020-12275  P4  MEDIUM  CVSS 5.3  fixed in gitlab 13.2.3-2 (sid)  2020
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
Scope: local
sid: resolved (fixed in 13.2.3-2)
Source: debian
CVE-2021-22256  P4  MEDIUM  CVSS 5.4  fixed in gitlab 15.10.8+ds1-2 (sid)  2021
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2019-11548  P4  MEDIUM  CVSS 5.4  fixed in gitlab 11.8.9+dfsg-1 (sid)  2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.
Scope: local
sid: resolved (fixed in 11.8.9+dfsg-1)
Source: debian
CVE-2021-22260  P4  HIGH  CVSS 7.7  fixed in gitlab 15.10.8+ds1-2 (sid)  2021
A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2022-3758  P4  MEDIUM  CVSS 5.4  fixed in gitlab 15.10.8+ds1-2 (sid)  2022
An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a user's private snippet.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2022-4007  P4  MEDIUM  CVSS 5.4  fixed in gitlab 15.10.8+ds1-2 (sid)  2022
An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2022-3066  P4  MEDIUM  CVSS 5.4  fixed in gitlab 15.10.8+ds1-2 (sid)  2022
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian