Debian Gitlab vulnerabilities
1,325 known vulnerabilities affecting debian/gitlab.
Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 196, MEDIUM 630, LOW 456
Vulnerabilities
Page 39 of 67
CVE-2021-22188 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in GitLab were readable by an unauthorised user via branch logs.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-22168 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A regular expression denial of service issue has been discovered in the NuGet API affecting all versions of GitLab starting from version 12.8.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-22189 | MEDIUM | CVSS 5.9 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Starting with version 13.7, the GitLab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39876 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39905 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-22175 | MEDIUM | CVSS 6.8 | KEV | PoC | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39904 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request.
Scope: local
sid:
CVE-2021-22170 | MEDIUM | CVSS 6.2 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39873 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39880 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A Denial of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.
Scope: local
sid:
CVE-2021-22214 | MEDIUM | CVSS 6.8 | PoC | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39917 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. A regular expression related to the quick actions feature was susceptible to catastrophic backtracking that could cause a DoS attack.
Scope: local
sid: resolved (fixed in 15.
CVE-2021-39915 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2 allows an attacker to see the names of project access tokens on arbitrary projects.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39908 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1, certain Unicode characters can be abused to commit malicious code into projects without being noticed in the merge request or source code viewer UI.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39878 | MEDIUM | CVSS 5.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary JavaScript code.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-22198 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above, allowing an authenticated user to delete incident metric images of public projects.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39943 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2 allowed a user to update the status of the check via an API call.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-22178 | MEDIUM | CVSS 5.0 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to an SSRF attack through the Prometheus integration.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-22221 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, and all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allows a user to maintain limited access after their password has expired.
Scope: local
sid: resolved (fixed in
CVE-2021-39934 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)