Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110
Vulnerabilities
Page 26 of 44
CVE-2021-22220 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2019-13010 | P4 | MEDIUM | CVSS 5.9 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2021-22199 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-0319 | P4 | MEDIUM | CVSS 5.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project members only.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-2030 | P4 | LOW | CVSS 3.5 | fixed in gitlab 16.6.5-3 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
Scope: local
sid: resolved (fixed in 16.6.5-3)
debian
CVE-2019-6792 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information.
Scope: local
sid: resolved (fixed in 11.5.10+dfsg-1)
debian
CVE-2019-15740 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2019-9175 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.8.2-2 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).
Scope: local
sid: resolved (fixed in 11.8.2-2)
debian
CVE-2021-22188 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-0167 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions.
Scope: local
sid: reso
debian
CVE-2021-22210 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2019-15578 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2020-26408 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 13.4.7-1 (sid) | 2020
A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to =13.5 to =13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile
Scope: local
sid: resolved (fixed in 13.4.7-1)
debian
CVE-2019-15721 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2020-13289 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated.
Scope: local
sid: resolved (fixed in 13.2.8-1)
debian
CVE-2019-20147 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2021-22257 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances.
Scope: local
sid: resolved (fixed in 15.
debian
CVE-2019-20148 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2019-19260 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 12.6.8-3 (sid) | 2019
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2023-0523 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian