cvebase

Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 28 of 44
CVE-2020-13352 | P4 | LOW | CVSS 3.7 | fixed in gitlab 13.3.9-1 (sid) | 2020
CVE-2020-13352 [LOW]: gitlab - Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, =13.4, =13.5, <13.5.2. Scope: local | sid: resolved (fixed in 13.3.9-1)
debian
CVE-2021-39941 | P4 | LOW | CVSS 3.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
CVE-2021-39941 [LOW]: gitlab - An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members. Scope: local | sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2019-15739 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 12.6.8-3 (sid) | 2019
CVE-2019-15739 [MEDIUM]: gitlab - An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. Scope: local | sid: resolved (fixed in 12.6.8-3)
debian
CVE-2022-1188 | P4 | LOW | CVSS 3.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
CVE-2022-1188 [LOW]: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. Scope: local | sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2018-9243 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 10.6.3+dfsg-1 (sid) | 2018
CVE-2018-9243 [MEDIUM]: gitlab - GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7. Scope: local | sid: resolved (fixed in 10.6.3+dfsg-1)
debian
CVE-2022-0489 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
CVE-2022-0489 [LOW]: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DoS by using the math feature with a specific formula in issue comments. Scope: local | sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2018-9244 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 10.6.3+dfsg-1 (sid) | 2018
CVE-2018-9244 [MEDIUM]: gitlab - GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7. Scope: local | sid: resolved (fixed in 10.6.3+dfsg-1)
debian
CVE-2017-0924 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 10.5.5+dfsg-1 (sid) | 2017
CVE-2017-0924 [MEDIUM]: gitlab - Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting. Scope: local | sid: resolved (fixed in 10.5.5+dfsg-1)
debian
CVE-2019-12444 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 12.6.8-3 (sid) | 2019
CVE-2019-12444 [MEDIUM]: gitlab - An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. Scope: local | sid: resolved (fixed in 12.6.8-3)
debian
CVE-2019-12442 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 12.6.8-3 (sid) | 2019
CVE-2019-12442 [MEDIUM]: gitlab - An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics. Scope: local | sid: resolved (fixed in 12.6.8-3)
debian
CVE-2023-5831 | P4 | LOW | CVSS 3.7 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
CVE-2023-5831 [LOW]: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab versi
debian
CVE-2022-2270 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
CVE-2022-2270 [LOW]: gitlab - An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. Scope: local | sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22232 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
CVE-2021-22232 [LOW]: gitlab - HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE. Scope: local | sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-4201 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
CVE-2022-4201 [LOW]: gitlab - A blind SSRF in GitLab CE/EE affecting all versions from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. Scope: local | sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39907 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
CVE-2021-39907 [MEDIUM]: gitlab - A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage. Scope: local | sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39912 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
CVE-2021-39912 [MEDIUM]: gitlab - A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF image, it was possible to trigger memory exhaustion. Scope: local | sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2020-26407 | P4 | MEDIUM | CVSS 5.5 | fixed in gitlab 13.4.7-1 (sid) | 2020
CVE-2020-26407 [MEDIUM]: gitlab - An XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting against other users via importing a malicious project. Scope: local | sid: resolved (fixed in 13.4.7-1)
debian
CVE-2019-10111 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.8.6+dfsg-1 (sid) | 2019
CVE-2019-10111 [MEDIUM]: gitlab - An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page. Scope: local | sid: resolved (fixed in 11.8.6+dfsg-1)
debian
CVE-2020-26417 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 13.4.7-1 (sid) | 2020
CVE-2020-26417 [MEDIUM]: gitlab - Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to =13.5 to =13.1 to <13.4.7. Scope: local | sid: resolved (fixed in 13.4.7-1)
debian
CVE-2020-10978 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 13.2.3-2 (sid) | 2020
CVE-2020-10978 [MEDIUM]: gitlab - GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. Scope: local | sid: resolved (fixed in 13.2.3-2)
debian