
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 31 of 44
CVE-2019-6795 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engineering.
Scope: local. sid: resolved (fixed in 11.5.10+dfsg-1). Source: debian
CVE-2018-19574 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.
Scope: local. sid: resolved (fixed in 11.3.11+dfsg-1). Source: debian
CVE-2018-19570 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.
Scope: local. sid: resolved (fixed in 11.3.11+dfsg-1). Source: debian
CVE-2018-19573 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.
Scope: local. sid: resolved (fixed in 11.3.11+dfsg-1). Source: debian
CVE-2020-13264 | Priority P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 13.2.3-2 (sid) | 2020
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token.
Scope: local. sid: resolved (fixed in 13.2.3-2). Source: debian
CVE-2018-14606 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 10.8.7+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
Scope: local. sid: resolved (fixed in 10.8.7+dfsg-1). Source: debian
CVE-2018-14605 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 10.8.7+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
Scope: local. sid: resolved (fixed in 10.8.7+dfsg-1). Source: debian
CVE-2018-12606 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 10.7.7+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
Scope: local. sid: resolved (fixed in 10.7.7+dfsg-2). Source: debian
CVE-2018-12607 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 10.7.7+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.
Scope: local. sid: resolved (fixed in 10.7.7+dfsg-2). Source: debian
CVE-2020-10090 | Priority P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2020
GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.
Scope: local. sid: resolved (fixed in 12.6.8-3). Source: debian
CVE-2020-10080 | Priority P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2020
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group.
Scope: local. sid: resolved (fixed in 12.6.8-3). Source: debian
CVE-2018-12605 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 10.7.7+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained an XSS issue due to it allowing arbitrary protocols as a parameter.
Scope: local. sid: resolved (fixed in 10.7.7+dfsg-2). Source: debian
CVE-2019-18452 | Priority P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions.
Scope: local. sid: resolved (fixed in 12.6.8-3). Source: debian
CVE-2018-20490 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
Scope: local. sid: resolved (fixed in 11.5.6+dfsg-1). Source: debian
CVE-2018-20496 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
Scope: local. sid: resolved (fixed in 11.5.6+dfsg-1). Source: debian
CVE-2018-20491 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
Scope: local. sid: resolved (fixed in 11.5.6+dfsg-1). Source: debian
CVE-2018-17454 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.
Scope: local. sid: resolved (fixed in 11.1.8+dfsg-2). Source: debian
CVE-2018-17536 | Priority P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.
Scope: local. sid: resolved (fixed in 11.1.8+dfsg-2). Source: debian
CVE-2021-39882 | Priority P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
Scope: local. sid: resolved (fixed in 15.10.8+ds1-2). Source: debian
CVE-2018-20497 | Priority P4 | MEDIUM | CVSS 5.0 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.
Scope: local. sid: resolved (fixed in 11.5.6+dfsg-1). Source: debian