Debian Gitlab vulnerabilities
1,325 known vulnerabilities affecting debian/gitlab.
Total CVEs: 1,325
CISA KEV (actively exploited): 4
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 196, MEDIUM 630, LOW 456
Vulnerabilities
Page 35 of 67
CVE-2022-1188 | LOW | CVSS 3.7 | 2022 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-2235 | HIGH | CVSS 8.7 | 2022
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link
Scope: local
sid: resolved
debian
CVE-2022-2531 | MEDIUM | CVSS 5.3 | 2022
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerabili
debian
CVE-2022-0167 | LOW | CVSS 3.1 | 2022 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-4376 | LOW | CVSS 3.1 | 2022 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-0093 | LOW | CVSS 3.5 | 2022 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-0249 | LOW | CVSS 3.1 | 2022 | fixed in gitlab 15.10.8+ds1-2 (sid)
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
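CVE-2022-1188 (repository mirroring) and CVE-2022-0249 above are both blind SSRF through a server-side fetch, and the second is specifically about 100.64.0.0/10, the RFC 6598 shared address space, not being on the block list. The Ruby below is an added example, not GitLab's code: a destination check that resolves the host, refuses any address in a deny-list of non-public ranges (shared address space included, IPv4-mapped IPv6 unwrapped), and returns the vetted addresses so the caller connects to those rather than re-resolving the name (DNS rebinding). The names `blocked_ip?`, `validate_fetch_target`, the `resolver:` hook and the `FAKE_DNS` table are assumptions constructed for the example.

```ruby
require 'ipaddr'
require 'resolv'
require 'uri'

# Non-public ranges a server-side fetcher must refuse. 100.64.0.0/10 is the
# IANA shared address space (RFC 6598); IPAddr#private? does not cover it,
# which is the kind of gap CVE-2022-0249 describes.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.0.0.0/24 192.168.0.0/16 198.18.0.0/15 224.0.0.0/4 240.0.0.0/4
  ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# True when +ip+ (String or IPAddr) falls in a blocked range. IPv4-mapped IPv6
# addresses (::ffff:127.0.0.1) are unwrapped first so they cannot slip past
# the IPv4 entries.
def blocked_ip?(ip)
  addr = IPAddr.new(ip.to_s)
  addr = addr.native if addr.ipv6? && addr.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
end

# Validates a user-supplied fetch URL and returns the IPAddr list the caller
# should connect to (keep sending the original Host header). +resolver+ maps a
# hostname to address strings; the default uses real DNS, the demo injects a
# table. Every address the name resolves to must be public: if one of several
# records is internal the whole URL is refused. Re-run this on every redirect
# hop too, since a public host can 302 to an internal one.
def validate_fetch_target(url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = begin
    URI.parse(url)
  rescue URI::InvalidURIError => e
    raise ArgumentError, "unparseable url: #{e.message}"
  end
  raise ArgumentError, "scheme not allowed: #{uri.scheme.inspect}" unless %w[http https].include?(uri.scheme)
  host = uri.hostname.to_s            # hostname strips the [] around IPv6 literals
  raise ArgumentError, 'missing host' if host.empty?

  addrs = begin
    [IPAddr.new(host)]                # literal IP: no DNS involved
  rescue IPAddr::InvalidAddressError
    resolver.call(host).map { |a| IPAddr.new(a) }
  end
  raise ArgumentError, "unresolvable host: #{host}" if addrs.empty?

  blocked = addrs.select { |a| blocked_ip?(a) }
  raise ArgumentError, "#{url} resolves to blocked address #{blocked.first}" unless blocked.empty?
  addrs
end

# Constructed DNS table for an offline demonstration; these are not real hosts.
FAKE_DNS = {
  'mirror.example' => ['203.0.113.10'],
  'evil.example'   => ['203.0.113.10', '100.64.1.1'] # one public record, one in shared space
}.freeze
FAKE_RESOLVER = ->(host) { FAKE_DNS.fetch(host, []) }

if $PROGRAM_NAME == __FILE__
  ['https://mirror.example/repo.git', 'https://evil.example/repo.git',
   'http://[::1]/', 'http://100.64.0.9/', 'file:///etc/passwd'].each do |u|
    begin
      puts "#{u} -> ok (#{validate_fetch_target(u, resolver: FAKE_RESOLVER).map(&:to_s).join(', ')})"
    rescue ArgumentError => e
      puts "#{u} -> rejected: #{e.message}"
    end
  end
end
```

The deny-list approach is deliberate: an allow-list of "public" space does not exist as a stable set, while the reserved ranges above are fixed by IANA. Rejecting a name when any record is internal closes the round-robin trick where an attacker-controlled zone alternates a public and an internal address.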
CVE-2022-1999 | LOW | CVSS 3.1 | 2022 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22201 | CRITICAL | CVSS 9.6 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22192 | CRITICAL | CVSS 9.9 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22205 | CRITICAL | CVSS 10.0 | CISA KEV | public PoC | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22234 | CRITICAL | CVSS 9.6 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22190 | HIGH | CVSS 8.5 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
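CVE-2021-22190 (Workhorse) and CVE-2022-2531 (the Grafana API proxy, earlier on this page) are both path traversal: a client-controlled path segment escapes the directory or route prefix it was supposed to stay under. As an added example, not GitLab's or Workhorse's code (Workhorse is written in Go; Ruby is used here to match the other examples on this page), here is a safe-join routine with the checks a reviewer looks for: a single percent-decode, NUL rejection, absolute-path rejection, normalisation before the `..` test, and a realpath comparison so a symlink inside the base cannot point out of it. `safe_join` and `percent_decode` are names chosen for the example, and the directory tree in the demo is constructed in a temporary directory.

```ruby
require 'pathname'
require 'tmpdir'
require 'fileutils'

# Decode %XX escapes exactly once. Decoding before the caller does (or twice)
# is what lets %252e%252e through a naive ".." check, so callers pass the raw
# path segment and never pre-decode.
def percent_decode(s)
  s.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }.force_encoding(Encoding::UTF_8)
end

# Resolve a client-supplied relative path under +base+ (an existing directory).
# Returns the absolute Pathname to serve, or nil when the request must be
# refused.
def safe_join(base, user_path)
  decoded = percent_decode(user_path.to_s)
  return nil if decoded.include?("\0")                      # NUL truncates paths in C runtimes
  return nil if decoded.start_with?('/', '\\')              # absolute paths are never relative to base

  cleaned = Pathname.new(decoded).cleanpath                 # collapses ".", ".." and "//"
  return nil if cleaned.to_s.split('/').include?('..')      # still climbing after normalisation

  base_real = Pathname.new(base).realpath
  target = base_real + cleaned

  # Walk up to the deepest existing ancestor and realpath that, so symlinks are
  # followed without requiring the final component to exist yet.
  existing = target
  existing = existing.parent until existing.exist? || existing.root?
  resolved = existing.realpath.to_s
  return nil unless resolved == base_real.to_s || resolved.start_with?("#{base_real}/")
  target
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |root|
    base = File.join(root, 'public')
    FileUtils.mkdir_p(File.join(base, 'assets'))
    File.symlink(root, File.join(base, 'escape'))           # symlink inside base that points outside
    ['assets/app.js', '../secret.txt', '%2e%2e/secret.txt', 'assets/../../x',
     '/etc/passwd', 'assets/%00.js', 'escape/secret.txt'].each do |p|
      puts "#{p.ljust(20)} -> #{safe_join(base, p) || 'REJECTED'}"
    end
  end
end
```

The order matters: normalising with `cleanpath` first and only then looking for `..` catches `assets/../../x`, which a prefix check on the raw string would pass; the realpath comparison at the end is the part a string-only check never gets right, because `escape/secret.txt` contains no `..` at all.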
CVE-2021-22261 | HIGH | CVSS 7.3 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22242 | HIGH | CVSS 8.7 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22246 | HIGH | CVSS 7.7 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22260 | HIGH | CVSS 7.7 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39944 | HIGH | CVSS 7.1 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22224 | HIGH | CVSS 7.1 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
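CVE-2021-22224 is CSRF against a GraphQL endpoint: a mutation the attacker's page submits with the victim's cookies. The standard defences are to accept only `application/json` bodies (a cross-site HTML form cannot produce one), to refuse mutations over GET, to check `Origin`, and to require a session-bound CSRF token for mutations. The Ruby below is an added example of those checks as one request-admission function; it is not GitLab's fix and does not claim to reproduce it. `SITE_ORIGIN`, the request hashes and the token are assumed values constructed for the example.

```ruby
require 'json'
require 'uri'

# Origin of the instance itself; assumed value for the example.
SITE_ORIGIN = 'https://gitlab.example'.freeze

# Bodies a browser sends cross-site from an HTML form, or via fetch() without
# a CORS preflight. If the endpoint parses a mutation out of one of these,
# any page the victim visits can fire it with the victim's cookies.
SIMPLE_CONTENT_TYPES = %w[application/x-www-form-urlencoded multipart/form-data text/plain].freeze

# True when the document starts a mutation operation. Comments and leading
# whitespace are stripped first; anonymous "{ ... }" shorthand is a query.
def mutation?(query)
  query.to_s.gsub(/#[^\n]*/, '').match?(/\A\s*mutation\b/)
end

# Constant-time string equality, so token comparison does not leak a prefix.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Decide whether one GraphQL HTTP request may run. Returns [:allow, why] or
# [:deny, why]. Checks, in order:
#   1. POST bodies must be application/json; simple content types are refused.
#   2. A mutation is never executed over GET (a mutation in a link is CSRF).
#   3. If the browser sent Origin (or Referer), it must be this instance.
#   4. A mutation additionally needs the session-bound X-CSRF-Token header.
# Read-only queries over GET or JSON POST pass without a token.
def graphql_request_allowed?(method:, headers:, session_token:, body: '', query_string: '')
  h = headers.transform_keys { |k| k.to_s.downcase }
  content_type = h.fetch('content-type', '').split(';').first.to_s.strip.downcase

  query =
    if method == 'GET'
      URI.decode_www_form(query_string).to_h['query']
    elsif content_type == 'application/json'
      (JSON.parse(body)['query'] rescue nil)
    elsif SIMPLE_CONTENT_TYPES.include?(content_type)
      return [:deny, "#{content_type} body refused: form-post CSRF vector"]
    else
      return [:deny, "unsupported content type #{content_type.inspect}"]
    end
  return [:deny, 'no query in request'] if query.nil?

  is_mutation = mutation?(query)
  return [:deny, 'mutation over GET'] if method == 'GET' && is_mutation

  origin = h['origin'] || h['referer']&.sub(%r{\A(https?://[^/]+).*}m, '\1')
  return [:deny, "cross-site origin #{origin}"] if origin && origin != SITE_ORIGIN

  if is_mutation && !secure_equal?(h['x-csrf-token'].to_s, session_token)
    return [:deny, 'mutation without a valid CSRF token']
  end
  [:allow, is_mutation ? 'mutation with valid token' : 'read-only query']
end

if $PROGRAM_NAME == __FILE__
  token = 'session-bound-token'                      # constructed for the demo
  mutation_body = '{"query":"mutation { deleteThing(id: 1) { ok } }"}'
  [
    ['form post from attacker page', 'POST', { 'Content-Type' => 'text/plain', 'Origin' => 'https://attacker.example' }],
    ['JSON, same origin, no token',  'POST', { 'Content-Type' => 'application/json', 'Origin' => SITE_ORIGIN }],
    ['JSON, same origin, token',     'POST', { 'Content-Type' => 'application/json', 'Origin' => SITE_ORIGIN, 'X-CSRF-Token' => token }]
  ].each do |label, m, hdrs|
    verdict, why = graphql_request_allowed?(method: m, headers: hdrs, body: mutation_body, session_token: token)
    puts "#{label.ljust(30)} #{verdict} (#{why})"
  end
end
```

Note that the content-type rule alone is not enough on its own: a JSON body can still be sent cross-site by a client that is not a browser, and browsers that honour a permissive CORS policy would send it with credentials, which is why the token check on mutations stays even when the body is JSON.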
CVE-2021-22171 | HIGH | CVSS 7.3 | 2021 | fixed in gitlab 15.10.8+ds1-2 (sid)
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian