Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110
Vulnerabilities
Page 29 of 44
CVE-2018-17975 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.
Scope: local
sid: resolved (fixed in 11.1.8+dfsg-2)
debian
CVE-2019-19254 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2022-1121 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2019-15579 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2018-19580 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made.
Scope: local
sid: resolved (fixed in 11.3.11+dfsg-1)
debian
CVE-2019-15581 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2020-13338 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 13.2.3-2 (sid) | 2020
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.
Scope: local
sid: resolved (fixed in 13.2.3-2)
debian
CVE-2019-19257 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2018-20495 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
Scope: local
sid: resolved (fixed in 11.5.6+dfsg-1)
debian
CVE-2018-20492 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6).
Scope: local
sid: resolved (fixed in 11.5.6+dfsg-1)
debian
CVE-2019-15582 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2019-12445 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2019-12433 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2023-1710 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2018-20489 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 11.5.6+dfsg-1)
debian
CVE-2018-20507 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 11.5.6+dfsg-1)
debian
CVE-2022-3818 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2024-8647 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.
Scope: local
sid: resolved (fixed in 17.5.5-1)
debian
CVE-2018-17537 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blob-viewer has stored XSS during repository browsing, if package.json exists.
Scope: local
sid: resolved (fixed in 11.1.8+dfsg-2)
debian
CVE-2024-8179 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.
Scope: local
sid: resolved (fixed in 17.5.5-1)
debian