Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43 | HIGH 158 | MEDIUM 552 | LOW 110
Vulnerabilities
Page 3 of 44
CVE-2021-22238 | P3 | MEDIUM | CVSS 6.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2017-0918 | P3 | HIGH | CVSS 8.8 | fixed in gitlab 10.5.5+dfsg-1 (sid) | 2017
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
Scope: local
sid: resolved (fixed in 10.5.5+dfsg-1)
CVE-2024-2454 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request.
Scope: local
sid: resolved (fixed in 17.3.5-2)
CVE-2018-19569 | P3 | HIGH | CVSS 8.8 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.
Scope: local
sid: resolved (fixed in 11.3.11+dfsg-1)
CVE-2021-22242 | P3 | HIGH | CVSS 8.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via specially-crafted markdown.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2023-5356 | P3 | HIGH | CVSS 7.3 | fixed in gitlab 16.6.5-3 (sid) | 2023
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.
Scope: local
sid: resolved (fixed in 16.6.5-3)
CVE-2019-6783 | P3 | HIGH | CVSS 8.8 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution.
Scope: local
sid: resolved (fixed in 11.5.10+dfsg-1)
CVE-2021-39890 | P3 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2024-2878 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names.
Scope: local
sid: resolved (fixed in 17.3.5-2)
CVE-2018-19359 | P3 | HIGH | CVSS 8.8 | fixed in gitlab 11.3.10+dfsg-2 (sid) | 2018
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 11.3.10+dfsg-2)
CVE-2019-5486 | P3 | HIGH | CVSS 8.8 | fixed in gitlab 12.6.8-3 (sid) | 2019
An authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.
Scope: local
sid: resolved (fixed in 12.6.8-3)
CVE-2023-2164 | P3 | MEDIUM | CVSS 5.4 | fixed in gitlab 16.0.8+ds1-1 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta.
Scope: local
sid: resolved (fixed in 16.0.8+ds1-1)
CVE-2023-0921 | P3 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2023-5207 | P3 | HIGH | CVSS 8.2 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
CVE-2024-8114 | P3 | HIGH | CVSS 8.2 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.
Scope: local
sid: resolved (fixed in 17.5.5-1)
CVE-2019-9174 | P3 | CRITICAL | CVSS 10.0 | fixed in gitlab 11.8.2-2 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.
Scope: local
sid: resolved (fixed in 11.8.2-2)
CVE-2019-6960 | P3 | CRITICAL | CVSS 9.8 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.
Scope: local
sid: resolved (fixed in 11.5.10+dfsg-1)
CVE-2020-13296 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 13.2.6-1 (sid) | 2020
An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <…, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens.
Scope: local
sid: resolved (fixed in 13.2.6-1)
CVE-2020-13300 | P3 | HIGH | CVSS 8.0 | fixed in gitlab 13.2.8-1 (sid) | 2020
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
Scope: local
sid: resolved (fixed in 13.2.8-1)
CVE-2024-8970 | P3 | HIGH | CVSS 8.2 | fixed in gitlab 17.3.5-3 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
Scope: local
sid: resolved (fixed in 17.3.5-3)