
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 30 of 44
CVE-2021-22178 (2021) | MEDIUM | CVSS 5.0 | P4 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to an SSRF attack through the Prometheus integration.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).

CVE-2021-39897 (2021) | LOW | CVSS 2.6 | P4 | fixed in gitlab 15.10.8+ds1-2 (sid)
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).

CVE-2020-13341 (2020) | MEDIUM | CVSS 4.9 | P4 | fixed in gitlab 13.2.10-1 (sid)
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows an attacker with the developer role to perform various deletions.
Scope: local. sid: resolved (fixed in 13.2.10-1).

CVE-2020-13358 (2020) | MEDIUM | CVSS 4.7 | P4 | fixed in gitlab 13.3.9-1 (sid)
A vulnerability in the internal Kubernetes agent API in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, =13.3, =13.5, <13.5.2.
Scope: local. sid: resolved (fixed in 13.3.9-1).

CVE-2022-3018 (2022) | MEDIUM | CVSS 6.8 | P4 | fixed in gitlab 15.10.8+ds1-2 (sid)
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).

CVE-2022-3514 (2022) | MEDIUM | CVSS 4.3 | P4 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).

CVE-2022-4131 (2022) | MEDIUM | CVSS 4.3 | P4 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).

CVE-2023-1787 (2023) | MEDIUM | CVSS 4.3 | P4 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).

CVE-2021-22237 (2021) | MEDIUM | CVSS 6.6 | P4 | fixed in gitlab 15.10.8+ds1-2 (sid)
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).

CVE-2024-4207 (2024) | MEDIUM | CVSS 4.4 | P4 | fixed in gitlab 17.3.5-2 (sid)
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.
Scope: local. sid: resolved (fixed in 17.3.5-2).

CVE-2024-7091 (2024) | MEDIUM | CVSS 4.1 | P4 | fixed in gitlab 17.3.5-2 (sid)
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user.
Scope: local. sid: resolved (fixed in 17.3.5-2).

CVE-2024-4472 (2024) | MEDIUM | CVSS 4.0 | P4 | fixed in gitlab 17.3.5-2 (sid)
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in GraphQL logs.
Scope: local. sid: resolved (fixed in 17.3.5-2).

CVE-2018-10379 (2018) | MEDIUM | CVSS 6.1 | P4 | fixed in gitlab 10.6.5+dfsg-1 (sid)
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.
Scope: local. sid: resolved (fixed in 10.6.5+dfsg-1).

CVE-2018-16050 (2018) | MEDIUM | CVSS 6.1 | P4 | fixed in gitlab 11.1.8+dfsg-2 (sid)
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.
Scope: local. sid: resolved (fixed in 11.1.8+dfsg-2).

CVE-2017-0923 (2017) | MEDIUM | CVSS 6.1 | P4 | fixed in gitlab 10.5.5+dfsg-1 (sid)
GitLab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component, resulting in persistent cross-site scripting.
Scope: local. sid: resolved (fixed in 10.5.5+dfsg-1).

CVE-2018-14604 (2018) | MEDIUM | CVSS 6.1 | P4 | fixed in gitlab 10.8.7+dfsg-1 (sid)
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
Scope: local. sid: resolved (fixed in 10.8.7+dfsg-1).

CVE-2019-18451 (2019) | MEDIUM | CVSS 6.1 | P4 | fixed in gitlab 12.6.8-3 (sid)
An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect.
Scope: local. sid: resolved (fixed in 12.6.8-3).

CVE-2019-18454 (2019) | MEDIUM | CVSS 6.1 | P4 | fixed in gitlab 12.6.8-3 (sid)
An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for the RDoc wiki pages feature. It has XSS.
Scope: local. sid: resolved (fixed in 12.6.8-3).

CVE-2023-1098 (2023) | MEDIUM | CVSS 5.8 | P4 | fixed in gitlab 15.10.8+ds1-2 (sid)
An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It allows an admin to leak the password from a repository mirror configuration.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).

CVE-2020-13345 (2020) | MEDIUM | CVSS 5.5 | P4 | fixed in gitlab 13.2.10-1 (sid)
An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on multiple routes.
Scope: local. sid: resolved (fixed in 13.2.10-1).
