Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs
863
CISA KEV
4
actively exploited
Public exploits
18
Exploited in wild
7
Severity breakdown
CRITICAL 43 | HIGH 158 | MEDIUM 552 | LOW 110
Vulnerabilities
Page 39 of 44
CVE-2018-20493 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 11.5.6+dfsg-1)
debian
CVE-2020-13326 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.2.3-2 (sid) | 2020
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for GitHub project import could be bypassed.
Scope: local
sid: resolved (fixed in 13.2.3-2)
debian
CVE-2024-6324 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.5.5-2 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics.
Scope: local
sid: resolved (fixed in 17.5.5-2)
debian
CVE-2019-20145 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2018-20498 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 11.5.6+dfsg-1)
debian
CVE-2023-2001 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, and all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-3330 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
It was possible for a guest user to read a todo targeting an inaccessible note in GitLab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2024-6389 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions.
Scope: local
sid: resolved (fixed in 17.3.5-2)
debian
CVE-2023-4317 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, and all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2023-5198 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2023-2022 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.0.8+ds1-1 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, and all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge.
Scope: local
sid: resolved (fixed in 16.0.8+ds1-1)
debian
CVE-2023-3920 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects, contrary to the documentation.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2024-5005 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, and all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API.
Scope: local
sid: resolved (fixed in 17.3.5-2)
debian
CVE-2024-7057 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.3.5-2 (sid) | 2024
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level.
Scope: local
sid: resolved (fixed in 17.3.5-2)
debian
CVE-2021-22197 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR whose source and target branches point to each other.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-3819 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows malicious users to set emojis on internal notes they don't have access to.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-0120 | P4 | LOW | CVSS 3.5 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, and all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible for an unauthorised user to edit label descriptions.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2021-39931 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. Under specific conditions an unauthorised project member was allowed to delete protected branches due to a business logic error.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2020-13344 | P4 | MEDIUM | CVSS 5.7 | fixed in gitlab 13.2.10-1 (sid) | 2020
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Session keys are stored in plain text in Redis, which allows an attacker with Redis access to authenticate as any user that has a session stored in Redis.
Scope: local
sid: resolved (fixed in 13.2.10-1)
debian
CVE-2021-22211 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user, resulting in possibly incorrect access handling.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian