Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110
Vulnerabilities
Page 34 of 44
CVE-2022-0373 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-1193 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39870 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-0371 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, and all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39934 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39871 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22180 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22247 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-2244 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows project members with the reporter role to manage issues in the project's error tracking feature.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2019-12431 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2022-2095 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, and all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks
debian
CVE-2022-1124 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access the trace log of jobs when it is enabled.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-1204 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, and all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-2417 | P4 | MEDIUM | CVSS 6.2 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the pro
debian
CVE-2023-0450 | P4 | LOW | CVSS 3.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39927 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2020-13301 | P4 | MEDIUM | CVSS 5.5 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page.
Scope: local
sid: resolved (fixed in 13.2.8-1)
debian
CVE-2022-0740 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, and all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-4376 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, and all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39918 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2 allows a user to add comments to a vulnerability which cannot be accessed.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian