
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 27 of 44
CVE-2023-0223 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023 | debian
An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.
Scope: local sid

CVE-2020-12277 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 13.2.3-2 (sid) | 2020 | debian
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.
Scope: local sid: resolved (fixed in 13.2.3-2)

CVE-2024-6595 | P4 | LOW | CVSS 3.0 | fixed in gitlab 17.3.5-2 (sid) | 2024 | debian
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.
Scope: local sid: resolved (fixed in 17.3.5-2)

CVE-2022-2539 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022 | debian
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2023-3362 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 16.0.7+ds1-2 (sid) | 2023 | debian
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.
Scope: local sid: resolved (fixed in 16.0.7+ds1-2)

CVE-2024-8650 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 17.5.5-1 (sid) | 2024 | debian
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests.
Scope: local sid: resolved (fixed in 17.5.5-1)

CVE-2024-8116 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 17.5.5-1 (sid) | 2024 | debian
An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names.
Scope: local sid: resolved (fixed in 17.5.5-1)

CVE-2020-13283 | P4 | HIGH | CVSS 7.3 | fixed in gitlab 13.2.3-2 (sid) | 2020 | debian
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title.
Scope: local sid: resolved (fixed in 13.2.3-2)

CVE-2021-22225 | P4 | MEDIUM | CVSS 4.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021 | debian
Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2021-22206 | P4 | MEDIUM | CVSS 6.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021 | debian
An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2022-1954 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022 | debian
A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2022-2500 | P4 | MEDIUM | CVSS 4.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022 | debian
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2023-1072 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023 | debian
An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2022-1416 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022 | debian
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2023-4018 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023 | debian
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects.
Scope: local sid: resolved (fixed in 16.4.4+ds2-2)

CVE-2021-22183 | P4 | MEDIUM | CVSS 4.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021 | debian
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2023-2200 | P4 | MEDIUM | CVSS 4.1 | fixed in gitlab 15.11.11+ds1-1 (sid) | 2023 | debian
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.
Scope: local sid: resolved (fixed in 15.11.11+ds1-1)

CVE-2021-22196 | P4 | MEDIUM | CVSS 6.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021 | debian
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2020-13314 | P4 | LOW | CVSS 3.7 | fixed in gitlab 13.2.8-1 (sid) | 2020 | debian
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages.
Scope: local sid: resolved (fixed in 13.2.8-1)

CVE-2021-39898 | P4 | LOW | CVSS 3.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021 | debian
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)

Debian Gitlab vulnerabilities | cvebase