Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs
863
CISA KEV
4
actively exploited
Public exploits
18
Exploited in wild
7
Severity breakdown
CRITICAL 43 | HIGH 158 | MEDIUM 552 | LOW 110
Vulnerabilities
Page 37 of 44
CVE-2022-2630 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-3030 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-2576 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.11.11+ds1-1 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch.
Scope: local
sid: resolved (fixed in 15.11.11+ds1-1)
debian
CVE-2024-4006 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access token scopes were not honored by GraphQL subscriptions.
Scope: local
sid: resolved (fixed in 17.3.5-2)
debian
CVE-2022-3413 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-3964 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2018-17450 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.
Scope: local
sid: resolved (fixed in 11.1.8+dfsg-2)
debian
CVE-2023-5061 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2024-12431 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects.
Scope: local
sid: resolved (fixed in 17.5.5-1)
debian
CVE-2021-39911 | P4 | LOW | CVSS 1.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes the private email address of Issue and Merge Request assignees to Webhook data consumers.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-4289 | P4 | MEDIUM | CVSS 6.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in the Prometheus integration were not hidden and could be leaked from instance, group, or project settings to other users.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39895 | P4 | MEDIUM | CVSS 6.0 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-0093 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-3288 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-1936 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.11.11+ds1-1 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue.
Scope: local
sid: resolved (fixed in 15.11.11+ds1-1)
debian
CVE-2022-0344 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22254 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-0508 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-1189 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed an unauthorised user to read the approval rules of a private project.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-2233 | P4 | LOW | CVSS 3.1 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian