
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 25 of 44
CVE-2018-17453 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.
Scope: local sid: resolved (fixed in 11.1.8+dfsg-2)
CVE-2023-4812 | P4 | HIGH | CVSS 7.6 | fixed in gitlab 16.6.5-3 (sid) | 2023
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request.
Scope: local sid: resolved (fixed in 16.6.5-3)
CVE-2023-3500 | P4 | MEDIUM | CVSS 4.8 | fixed in gitlab 16.0.8+ds1-1 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims.
Scope: local sid: resolved
CVE-2022-3486 | P4 | MEDIUM | CVSS 4.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2023-2485 | P4 | MEDIUM | CVSS 4.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of.
S
CVE-2023-1836 | P4 | MEDIUM | CVSS 4.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances.
Scope: local sid: resolved (
CVE-2020-13317 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL API allowed a maintainer to delete a repository.
Scope: local sid: resolved (fixed in 13.2.8-1)
CVE-2020-13330 | P4 | MEDIUM | CVSS 4.4 | fixed in gitlab 13.2.3-2 (sid) | 2020
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Bitbucket project import feature.
Scope: local sid: resolved (fixed in 13.2.3-2)
CVE-2024-5430 | P4 | MEDIUM | CVSS 6.8 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL.
Scope: local sid: resolved (fixed in 17.3.5-2)
CVE-2022-2761 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39946 | P4 | HIGH | CVSS 8.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-22241 | P4 | HIGH | CVSS 8.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site scripting vulnerability via a specifically crafted default branch name.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2025-1198 | P4 | MEDIUM | CVSS 4.2 | fixed in gitlab 17.6.5-1 (sid) | 2025
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results.
Scope: local sid: resolved (fixed in 17.6.5-1)
CVE-2018-19493 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding.
Scope: local sid: resolved (fixed in 11.3.11+dfsg-1)
CVE-2017-0917 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 10.5.5+dfsg-1 (sid) | 2017
GitLab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the CI job component, resulting in persistent cross-site scripting.
Scope: local sid: resolved (fixed in 10.5.5+dfsg-1)
CVE-2019-6796 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.
Scope: local sid: resolved (fixed in 11.5.10+dfsg-1)
CVE-2019-11547 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 11.8.9+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues.
Scope: local sid: resolved (fixed in 11.8.9+dfsg-1)
CVE-2022-1460 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorization on scheduled pipelines, allowing a malicious user to run a pipeline in the context of another user.
Scope: local sid: resolved (fi
CVE-2019-6784 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS.
Scope: local sid: resolved (fixed in 11.5.10+dfsg-1)
CVE-2021-22227 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A reflected cross-site scripting vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)