cvebase

Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 35 of 44
CVE-2022-4365 | P4 | MEDIUM | CVSS 5.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-
Source: debian
CVE-2021-39877 | P4 | HIGH | CVSS 7.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2023-4378 | P4 | MEDIUM | CVSS 5.5 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a resu
Source: debian
CVE-2024-1816 | P4 | MEDIUM | CVSS 5.3 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI file.
Scope: local; sid: resolved (fixed in 17.3.5-2)
Source: debian
CVE-2022-3325 | P4 | LOW | CVSS 2.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2021-22243 | P4 | MEDIUM | CVSS 5.0 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2023-6195 | P4 | LOW | CVSS 2.6 | fixed in gitlab 17.3.5-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository.
Scope: local; sid: resolved (fixed
Source: debian
CVE-2020-13354 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.3.9-1 (sid) | 2020
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.
Scope: local; sid: resolved (fixed in 13.3.9-1)
Source: debian
CVE-2021-39892 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2020-13287 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues.
Scope: local; sid: resolved (fixed in 13.2.8-1)
Source: debian
CVE-2021-22177 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2020-26411 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.4.7-1 (sid) | 2020
A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to =13.5 to =13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.
Scope: local; sid: resolved (fixed in 13.4.7-1)
Source: debian
CVE-2021-22198 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2018-19575 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2018
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.
Scope: local; sid: resolved (fixed in 11.3.11+dfsg-1)
Source: debian
CVE-2019-11544 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 11.8.9+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events.
Scope: local; sid: re
Source: debian
CVE-2021-22172 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2022-3478 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2020-13313 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.
Scope: local; sid: resolved (fixed in 13.2.8-1)
Source: debian
CVE-2022-0124 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2019-7549 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job information.
Scope: local; sid: resolved (fixed in 11.5.10+dfsg-1)
Source: debian