
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 38 of 44
CVE-2023-1071 [LOW] P4, CVSS 3.1, 2023, fixed in gitlab 15.10.8+ds1-2 (sid)
gitlab - An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
debian

CVE-2023-3979 [LOW] P4, CVSS 3.1, 2023, fixed in gitlab 16.4.4+ds2-2 (sid)
gitlab - An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members collaborating with you on your branch get permission to write to the merge request's source branch.
Scope: local; sid: resolved (fixed in 16.4.4+ds2-2)
debian

CVE-2024-4011 [LOW] P4, CVSS 3.1, 2024, fixed in gitlab 17.3.5-2 (sid)
gitlab - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a non-project member to promote key results to objectives.
Scope: local; sid: resolved (fixed in 17.3.5-2)
debian

CVE-2020-13276 [HIGH] P4, CVSS 7.4, 2020, fixed in gitlab 13.2.3-2 (sid)
gitlab - User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1.
Scope: local; sid: resolved (fixed in 13.2.3-2)
debian

CVE-2019-15733 [MEDIUM] P4, CVSS 4.3, 2019, fixed in gitlab 12.6.8-3 (sid)
gitlab - An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.
Scope: local; sid: resolved (fixed in 12.6.8-3)
debian

CVE-2019-10116 [MEDIUM] P4, CVSS 4.3, 2019, fixed in gitlab 11.8.6+dfsg-1 (sid)
gitlab - An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.
Scope: local; sid: resolved (fixed in 11.8.6+dfsg-1)
debian

CVE-2019-15592 [MEDIUM] P4, CVSS 4.3, 2019, fixed in gitlab 12.6.8-3 (sid)
gitlab - GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.
Scope: local; sid: resolved (fixed in 12.6.8-3)
debian

CVE-2019-15734 [MEDIUM] P4, CVSS 4.3, 2019, fixed in gitlab 12.6.8-3 (sid)
gitlab - An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.
Scope: local; sid: resolved (fixed in 12.6.8-3)
debian

CVE-2021-39868 [MEDIUM] P4, CVSS 4.3, 2021, fixed in gitlab 15.10.8+ds1-2 (sid)
gitlab - In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
debian

CVE-2022-1099 [MEDIUM] P4, CVSS 4.3, 2022, fixed in gitlab 15.10.8+ds1-2 (sid)
gitlab - Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
debian

CVE-2020-13335 [MEDIUM] P4, CVSS 4.3, 2020, fixed in gitlab 13.2.10-1 (sid)
gitlab - Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group.
Scope: local; sid: resolved (fixed in 13.2.10-1)
debian

CVE-2018-19494 [MEDIUM] P4, CVSS 4.3, 2018, fixed in gitlab 11.3.11+dfsg-1 (sid)
gitlab - An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.
Scope: local; sid: resolved (fixed in 11.3.11+dfsg-1)
debian

CVE-2020-13319 [MEDIUM] P4, CVSS 4.3, 2020, fixed in gitlab 13.2.3-2 (sid)
gitlab - An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue.
Scope: local; sid: resolved (fixed in 13.2.3-2)
debian

CVE-2019-13006 [MEDIUM] P4, CVSS 4.3, 2019, fixed in gitlab 12.6.8-3 (sid)
gitlab - An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control.
Scope: local; sid: resolved (fixed in 12.6.8-3)
debian

CVE-2019-13011 [MEDIUM] P4, CVSS 4.3, 2019, fixed in gitlab 12.6.8-3 (sid)
gitlab - An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not its repository could create a list of merge requests template names. It has excessive algorithmic complexity.
Scope: local; sid: resolved (fixed in 12.6.8-3)
debian

CVE-2018-20488 [MEDIUM] P4, CVSS 4.3, 2018, fixed in gitlab 11.5.6+dfsg-1 (sid)
gitlab - An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
Scope: local; sid: resolved (fixed in 11.5.6+dfsg-1)
debian

CVE-2021-22208 [MEDIUM] P4, CVSS 4.3, 2021, fixed in gitlab 15.10.8+ds1-2 (sid)
gitlab - An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
debian

CVE-2019-12434 [MEDIUM] P4, CVSS 4.3, 2019, fixed in gitlab 12.6.8-3 (sid)
gitlab - An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure.
Scope: local; sid: resolved (fixed in 12.6.8-3)
debian

CVE-2020-5197 [MEDIUM] P4, CVSS 4.3, 2020, fixed in gitlab 12.6.8-3 (sid)
gitlab - An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
Scope: local; sid: resolved (fixed in 12.6.8-3)
debian

CVE-2022-1545 [MEDIUM] P4, CVSS 4.3, 2022, fixed in gitlab 15.10.8+ds1-2 (sid)
gitlab - It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
debian