cvebase

Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 32 of 44
CVE-2021-39887 | P4 | HIGH | CVSS 7.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-1279 | P4 | LOW | CVSS 2.6 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.
Scope: local sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2022-0283 | P4 | MEDIUM | CVSS 4.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in the GitLab integration with Jira that could cause the web application to redirect the request to the attacker-specified URL.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-2534 | P4 | LOW | CVSS 2.2 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-4522 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing an LF character results in 500 errors when viewing the commit.
Scope: local sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2022-2303 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA.
Scope:
debian
CVE-2024-0456 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.6.6-1 (sid) | 2024
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project.
Scope: local sid: resolved (fixed in 16.6.6-1)
debian
CVE-2020-13307 | P4 | LOW | CVSS 3.8 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when two-factor authentication was activated, allowing a malicious user to maintain their access.
Scope: local sid: resolved (fixed in 13.2.8-1)
debian
CVE-2020-10091 | P4 | MEDIUM | CVSS 6.1 | fixed in gitlab 12.6.8-3 (sid) | 2020
GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types.
Scope: local sid: resolved (fixed in 12.6.8-3)
debian
CVE-2021-39878 | P4 | MEDIUM | CVSS 5.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary JavaScript code.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-2882 | P4 | MEDIUM | CVSS 5.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker control
debian
CVE-2019-20146 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption.
Scope: local sid: resolved (fixed in 12.6.8-3)
debian
CVE-2023-1265 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.
Scope: local sid: resolved (fixed in 15
debian
CVE-2019-9221 | P4 | MEDIUM | CVSS 5.5 | fixed in gitlab 11.8.2-2 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5).
Scope: local sid: resolved (fixed in 11.8.2-2)
debian
CVE-2021-22262 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration
debian
CVE-2019-18459 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4).
Scope: local sid: resolved (fixed in 12.6.8-3)
debian
CVE-2022-0477 | P4 | MEDIUM | CVSS 4.9 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.
Sc
debian
CVE-2021-22186 | P4 | MEDIUM | CVSS 4.9 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2020-13333 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.2.10-1 (sid) | 2020
A potential DoS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.
Scope: local sid: resolved (fixed in 13.2.10-1)
debian
CVE-2020-13328 | P4 | MEDIUM | CVSS 4.8 | fixed in gitlab 13.2.3-2 (sid) | 2020
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API.
Scope: local sid: resolved (fixed in 13.2.3-2)
debian