cvebase

Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 33 of 44
CVE-2021-22219 | P4 | MEDIUM | CVSS 4.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2021-22176 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2022-1417 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2021-39904 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2022-1105 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2022-0151 | P4 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages, which could result in a Denial of Service under specific conditions.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2024-5258 | P4 | MEDIUM | CVSS 4.4 | fixed in gitlab 17.3.5-2 (sid) | 2024
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.
Scope: local | sid: resolved (fixed in 17.3.5-2) | debian
CVE-2023-2069 | P4 | MEDIUM | CVSS 6.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2021-22184 | P4 | MEDIUM | CVSS 6.2 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2021-39936 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2021-39891 | P4 | MEDIUM | CVSS 5.9 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE since version 8.0, access tokens created as part of an admin's impersonation of a user are not cleared at the end of impersonation, which may lead to unnecessary sensitive info disclosure.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2020-13316 | P4 | MEDIUM | CVSS 5.4 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository to be accessible via the git command line.
Scope: local | sid: resolved (fixed in 13.2.8-1) | debian
CVE-2022-2227 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project metadata under certain conditions.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2022-3706 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2022-2243 | P4 | MEDIUM | CVSS 5.0 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows authenticated users to enumerate issues in non-linked Sentry projects.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2021-22261 | P4 | HIGH | CVSS 7.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2022-4462 | P4 | MEDIUM | CVSS 5.0 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL by viewing the raw API response.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2022-2865 | P4 | HIGH | CVSS 7.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in the label colour setting feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at the client side.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
CVE-2020-13311 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The Wiki was vulnerable to a parser attack that prevents anyone from accessing the Wiki functionality through the user interface.
Scope: local | sid: resolved (fixed in 13.2.8-1) | debian
CVE-2021-39874 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.
Scope: local | sid: resolved (fixed in 15.10.8+ds1-2) | debian
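The check a practitioner wants from a listing like this is "which of these entries is my host still missing?". The script below is an added example, not cvebase's or Debian's code: it compares an installed Debian gitlab package version against the sid "fixed in" versions listed on this page using the deb-version(7) ordering (epoch, then upstream, then Debian revision; '~' sorts before the end of the string, letters before other characters, digit runs numerically). The comparison is reimplemented from scratch rather than taken from python3-apt, and the CVE-to-version table is constructed from the entries above. Caveat: the fix versions are for sid; a stable, backports or non-Debian (omnibus) GitLab install has different version strings and needs its own source of truth.

```python
"""Check an installed Debian gitlab version against the fix versions on this page.
Added example; from-scratch reimplementation of dpkg's version ordering
(deb-version(7)), with no dependency on python3-apt."""
import re

# Constructed from the entries on this page: CVE -> (severity, sid version carrying the fix).
FIXES = {
    "CVE-2021-22219": ("MEDIUM", "15.10.8+ds1-2"),
    "CVE-2021-22176": ("MEDIUM", "15.10.8+ds1-2"),
    "CVE-2022-1417":  ("MEDIUM", "15.10.8+ds1-2"),
    "CVE-2021-39904": ("MEDIUM", "15.10.8+ds1-2"),
    "CVE-2022-1105":  ("MEDIUM", "15.10.8+ds1-2"),
    "CVE-2022-0151":  ("MEDIUM", "15.10.8+ds1-2"),
    "CVE-2024-5258":  ("MEDIUM", "17.3.5-2"),
    "CVE-2023-2069":  ("MEDIUM", "15.10.8+ds1-2"),
    "CVE-2021-22184": ("MEDIUM", "15.10.8+ds1-2"),
    "CVE-2021-39936": ("LOW",    "15.10.8+ds1-2"),
    "CVE-2021-39891": ("MEDIUM", "15.10.8+ds1-2"),
    "CVE-2020-13316": ("MEDIUM", "13.2.8-1"),
    "CVE-2022-2227":  ("LOW",    "15.10.8+ds1-2"),
    "CVE-2022-3706":  ("LOW",    "15.10.8+ds1-2"),
    "CVE-2022-2243":  ("MEDIUM", "15.10.8+ds1-2"),
    "CVE-2021-22261": ("HIGH",   "15.10.8+ds1-2"),
    "CVE-2022-4462":  ("MEDIUM", "15.10.8+ds1-2"),
    "CVE-2022-2865":  ("HIGH",   "15.10.8+ds1-2"),
    "CVE-2020-13311": ("MEDIUM", "13.2.8-1"),
    "CVE-2021-39874": ("MEDIUM", "15.10.8+ds1-2"),
}


def split_version(v):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    if "-" in v:
        upstream, revision = v.rsplit("-", 1)  # only the last '-' starts the revision
    else:
        upstream, revision = v, ""
    return epoch, upstream, revision


def _char_order(c):
    # dpkg ordering of non-digit characters: '~' sorts before everything,
    # even the end of the string (which we score as 0); letters next; others last.
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a, b):
    """Compare two fragments (upstream or revision) the way dpkg does:
    alternate between non-digit runs (character order above) and digit runs (numeric)."""
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(0), re.match(r"[^0-9]*", b).group(0)
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            ca = _char_order(na[i]) if i < len(na) else 0
            cb = _char_order(nb[i]) if i < len(nb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        da, db = re.match(r"[0-9]*", a).group(0), re.match(r"[0-9]*", b).group(0)
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or "0"), int(db or "0")
        if ia != ib:
            return -1 if ia < ib else 1
    return 0


def compare_versions(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to, or newer than v2."""
    e1, u1, r1 = split_version(v1)
    e2, u2, r2 = split_version(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)


def unfixed(installed, fixes=FIXES):
    """CVEs from the listing whose fixing version is newer than `installed`."""
    return [(cve, sev, fixed) for cve, (sev, fixed) in fixes.items()
            if compare_versions(installed, fixed) < 0]


if __name__ == "__main__":
    import subprocess
    import sys
    # On a Debian host, read the installed version; otherwise use a constructed sample
    # that is one Debian revision short of the 15.10.8 fix.
    try:
        v = subprocess.check_output(
            ["dpkg-query", "-W", "--showformat=${Version}", "gitlab"], text=True).strip()
    except (OSError, subprocess.CalledProcessError):
        v = "15.10.8+ds1-1"
    missing = unfixed(v)
    for cve, sev, fixed in missing:
        print(f"{cve}\t{sev}\tinstalled {v} is older than fix {fixed}")
    sys.exit(1 if missing else 0)
```

Running it against the constructed sample 15.10.8+ds1-1 reports the 17 entries fixed in 15.10.8+ds1-2 plus CVE-2024-5258 (17.3.5-2) and exits non-zero, which makes it usable as a gate in a configuration-audit job; the two 2020 entries fixed in 13.2.8-1 are correctly treated as resolved. The revision comparison matters here: a naive string or float comparison would call 15.10.8+ds1-1 and 15.10.8+ds1-2 equal.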