Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43 | HIGH 158 | MEDIUM 552 | LOW 110
Vulnerabilities
Page 31 of 44
CVE-2019-6795 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered as Unicode, which could be used for social engineering.
Scope: local
sid: resolved (fixed in 11.5.10+dfsg-1)
Distribution: debian

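Added example, not code from GitLab or from the Debian package: a check that flags the two spoofing primitives CVE-2019-6795 names (Unicode bidirectional overrides such as RTLO, and IDN homographs built from look-alike scripts or hidden behind Punycode labels) before a string is rendered, together with a rendering that makes them visible instead of decoding them. The function names, script list and sample inputs are this example's own assumptions.

```ruby
# Added example (not GitLab code): detect and visibly render the homoglyph and
# RTLO primitives described in CVE-2019-6795. Names here are this example's own.

# Unicode bidirectional controls: marks, embeddings, overrides (RTLO = U+202E)
# and isolates. Any of them can reorder how a filename or URL is displayed.
BIDI_CONTROLS = /[\u200E\u200F\u202A-\u202E\u2066-\u2069]/

# Scripts whose letters have Latin look-alikes (Cyrillic 'а', Greek 'ο').
# Assumption for this example; a real deployment would use the full UTS #39 data.
CONFUSABLE_SCRIPTS = [/\p{Cyrillic}/, /\p{Greek}/].freeze

def bidi_control?(str)
  BIDI_CONTROLS.match?(str)
end

# Mixing Latin with a confusable script in one string is the classic IDN
# homograph shape; single-script non-Latin text is legitimate and not flagged.
def mixed_script?(str)
  return false unless /\p{Latin}/.match?(str)
  CONFUSABLE_SCRIPTS.any? { |re| re.match?(str) }
end

# A Punycode (xn--) label is how a homograph reaches a hostname; showing the
# ACE form instead of decoding it to Unicode removes the visual ambiguity.
def punycode_label?(host)
  host.split('.').any? { |label| label.downcase.start_with?('xn--') }
end

# All reasons a string should not be rendered verbatim (empty when it is fine).
def spoofing_risks(str)
  risks = []
  risks << :bidi_control if bidi_control?(str)
  risks << :mixed_script if mixed_script?(str)
  risks << :punycode     if punycode_label?(str)
  risks
end

# Render for review: drop bidi controls and show every other character outside
# printable ASCII (space through tilde) as U+XXXX, so the reviewer sees the bytes.
def render_visibly(str)
  str.gsub(BIDI_CONTROLS, '').gsub(/[^ -~]/) { |c| format('U+%04X', c.ord) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed samples: an RTLO-disguised filename, a hostname with a
  # Cyrillic 'а', a Punycode label and a benign name.
  ["invoice\u202Efdp.exe", "p\u0430ypal.com", "xn--pypal-4ve.com", "gitlab.example"].each do |s|
    puts "#{render_visibly(s).ljust(24)} #{spoofing_risks(s).inspect}"
  end
end
```

The mixed-script rule deliberately does not flag purely non-Latin strings, so a Cyrillic-only project name passes while a Latin name with one substituted Cyrillic letter does not; the escaped rendering is what a UI should fall back to whenever `spoofing_risks` is non-empty.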
CVE-2018-19574 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.
Scope: local
sid: resolved (fixed in 11.3.11+dfsg-1)
Distribution: debian

CVE-2018-19570 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.
Scope: local
sid: resolved (fixed in 11.3.11+dfsg-1)
Distribution: debian

CVE-2018-19573 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.
Scope: local
sid: resolved (fixed in 11.3.11+dfsg-1)
Distribution: debian

CVE-2020-13264 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 13.2.3-2 (sid) | 2020
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view the Kubernetes cluster token.
Scope: local
sid: resolved (fixed in 13.2.3-2)
Distribution: debian

CVE-2018-14606 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 10.8.7+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
Scope: local
sid: resolved (fixed in 10.8.7+dfsg-1)
Distribution: debian

CVE-2018-14605 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 10.8.7+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
Scope: local
sid: resolved (fixed in 10.8.7+dfsg-1)
Distribution: debian

CVE-2018-12606 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 10.7.7+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
Scope: local
sid: resolved (fixed in 10.7.7+dfsg-2)
Distribution: debian

CVE-2018-12607 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 10.7.7+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.
Scope: local
sid: resolved (fixed in 10.7.7+dfsg-2)
Distribution: debian

CVE-2020-10090 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2020
GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.
Scope: local
sid: resolved (fixed in 12.6.8-3)
Distribution: debian

CVE-2020-10080 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2020
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group.
Scope: local
sid: resolved (fixed in 12.6.8-3)
Distribution: debian

CVE-2018-12605 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 10.7.7+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
Scope: local
sid: resolved (fixed in 10.7.7+dfsg-2)
Distribution: debian

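Added example, not GitLab's code and not its fix for CVE-2018-12605: the general defence when a user controls the protocol or the whole URL that ends up in a link is an allow-list of schemes checked before the value reaches an href, with rejected values degrading to escaped text rather than to a link. The helper names and the sample inputs are this example's own assumptions.

```ruby
# Added example (not GitLab code): scheme allow-list for user-controlled URLs,
# the general mitigation for the class of bug in CVE-2018-12605.
require 'uri'
require 'cgi'

# Only schemes the application actually links to. Anything else, in particular
# javascript:, data: and vbscript:, must never be emitted as an href.
SAFE_SCHEMES = %w[http https mailto].freeze

# Returns the URL when its scheme is allowed, nil when it must not become a link.
# Leading whitespace is stripped because browsers ignore it; a URL that will not
# parse, or that carries no scheme at all, is rejected rather than guessed at.
def safe_href(raw)
  uri = URI.parse(raw.to_s.strip)
  return nil if uri.scheme.nil?   # relative URL: resolve against a known base first
  return nil unless SAFE_SCHEMES.include?(uri.scheme.downcase)
  uri.to_s
rescue URI::InvalidURIError
  nil
end

# Build an anchor from untrusted input. Both the href and the text are
# HTML-escaped; an unsafe target is shown as plain text, not linked.
def link_to_user_url(raw, text)
  label = CGI.escapeHTML(text)
  href = safe_href(raw)
  return label if href.nil?
  %(<a href="#{CGI.escapeHTML(href)}">#{label}</a>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a normal link, a scheme-injection attempt, a relative path.
  ["https://gitlab.example/group/project", "javascript:alert(1)", "/local/path"].each do |u|
    puts link_to_user_url(u, "open")
  end
end
```

Escaping alone does not close this hole: `javascript:alert(1)` survives HTML escaping untouched, which is why the scheme check has to happen on the parsed URL and not on the rendered string.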
CVE-2019-18452 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions.
Scope: local
sid: resolved (fixed in 12.6.8-3)
Distribution: debian

CVE-2018-20490 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
Scope: local
sid: resolved (fixed in 11.5.6+dfsg-1)
Distribution: debian

CVE-2018-20496 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
Scope: local
sid: resolved (fixed in 11.5.6+dfsg-1)
Distribution: debian

CVE-2018-20491 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
Scope: local
sid: resolved (fixed in 11.5.6+dfsg-1)
Distribution: debian

CVE-2018-17454 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.
Scope: local
sid: resolved (fixed in 11.1.8+dfsg-2)
Distribution: debian

CVE-2018-17536 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.
Scope: local
sid: resolved (fixed in 11.1.8+dfsg-2)
Distribution: debian

CVE-2021-39882 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Distribution: debian

CVE-2018-20497 | P4 | MEDIUM | CVSS 5.0 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.
Scope: local
sid: resolved (fixed in 11.5.6+dfsg-1)
Distribution: debian

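Added example, not GitLab's code and not its fix for CVE-2018-20497 (the advisory above does not say which feature was affected): the standard destination check for any server-side HTTP client that fetches a user-supplied URL, rejecting loopback, private, link-local (including the cloud metadata range) and IPv4-mapped addresses. Every resolved address is checked, not just the first, and the resolver is injectable so the check runs offline; the function names, blocked-range list and constructed DNS answers are this example's own assumptions.

```ruby
# Added example (not GitLab code): destination check for an outbound HTTP
# client, the generic SSRF mitigation for the bug class in CVE-2018-20497.
require 'uri'
require 'ipaddr'
require 'resolv'

# Ranges an internal client must never reach: "this" network, loopback,
# RFC 1918, link-local (169.254.169.254 is the cloud metadata service),
# carrier-grade NAT, and the IPv6 loopback, unique-local and link-local blocks.
# IPv4-mapped IPv6 addresses are folded back to IPv4 before matching, so they
# need no range of their own. List is an assumption for this example.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
  192.168.0.0/16 100.64.0.0/10 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

def blocked_ip?(ip)
  addr = IPAddr.new(ip)
  addr = addr.native if addr.ipv4_mapped?   # ::ffff:10.0.0.1 -> 10.0.0.1
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
end

# True only when the URL is http(s), names a host, and EVERY address that host
# resolves to is outside the blocked ranges. Checking only the first answer
# lets an attacker-controlled zone round-robin an internal address past the
# filter. The resolver is injectable so this is testable without DNS.
def ssrf_safe_destination?(raw_url, resolver: ->(h) { Resolv.getaddresses(h) })
  uri = URI.parse(raw_url)
  return false unless %w[http https].include?(uri.scheme.to_s.downcase)
  host = uri.hostname
  return false if host.nil? || host.empty?
  literal = (IPAddr.new(host) rescue nil)
  addresses = literal ? [host] : resolver.call(host)
  return false if addresses.empty?         # NXDOMAIN: fail closed
  addresses.none? { |ip| blocked_ip?(ip) }
rescue URI::InvalidURIError, IPAddr::InvalidAddressError
  false
end

if __FILE__ == $PROGRAM_NAME
  # Constructed DNS answers standing in for a real resolver.
  fake_dns = lambda do |host|
    { "hooks.example"    => ["203.0.113.10"],
      "intranet.example" => ["10.1.2.3"],
      "rebind.example"   => ["203.0.113.10", "127.0.0.1"] }.fetch(host, [])
  end
  ["https://hooks.example/notify", "https://intranet.example/",
   "https://rebind.example/", "http://169.254.169.254/latest/meta-data/"].each do |u|
    puts "#{u.ljust(44)} #{ssrf_safe_destination?(u, resolver: fake_dns)}"
  end
end
```

A check like this still has to be applied at connect time as well as at validation time, because a name that resolved to a public address when the URL was saved can be re-pointed at an internal one before the request is made; pinning the validated address into the HTTP client closes that gap.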