
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43 | HIGH 158 | MEDIUM 552 | LOW 110

Vulnerabilities

Page 4 of 44
CVE-2019-15585 | P3 | CRITICAL | CVSS 9.8 | fixed in gitlab 12.6.8-3 (sid) | 2019
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE): the GitLab SAML integration had a validation issue that permitted an attacker to take over another user's account.
Scope: local. Debian sid: resolved (fixed in 12.6.8-3).
CVE-2019-12428 | P3 | CRITICAL | CVSS 9.8 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.
Scope: local. Debian sid: resolved (fixed in 12.6.8-3).
CVE-2017-12426 | P3 | HIGH | CVSS 8.8 | fixed in gitlab 9.5.4+dfsg-7 (sid) | 2017
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
Scope: local. Debian sid: resolved (fixed in 9.5.4+dfsg-7).
CVE-2019-5883 | P3 | CRITICAL | CVSS 9.1 | fixed in gitlab 11.3.11+dfsg-1 (sid) | 2019
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to.
Scope: local. Debian sid: resolved (fixed in 11.3.11+dfsg-1).
CVE-2019-5468 | P3 | HIGH | CVSS 8.8 | fixed in gitlab 12.6.8-3 (sid) | 2019
A privilege escalation issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.
Scope: local. Debian sid: resolved (fixed in 12.6.8-3).
CVE-2024-9693 | P3 | HIGH | CVSS 8.5 | fixed in gitlab 17.3.5-3 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.
Scope: local. Debian sid: resolved (fixed in 17.3.5-3).
CVE-2020-13270 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 13.2.3-2 (sid) | 2020
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via the API.
Scope: local. Debian sid: resolved (fixed in 13.2.3-2).
CVE-2021-22203 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server.
Scope: local. Debian sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2024-2651 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, and all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content.
Scope: local. Debian sid: resolved (fixed in 17.3.5-2).
CVE-2024-8641 | P3 | MEDIUM | CVSS 6.7 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim.
Scope: local. Debian sid: resolved (fixed in 17.3.5-2).
CVE-2023-1708 | P3 | MEDIUM | CVSS 5.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters get copied from the clipboard, allowing unexpected commands to be executed on the victim's machine.
Scope: local. Debian sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2019-9756 | P3 | CRITICAL | CVSS 9.8 | fixed in gitlab 11.8.2-2 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.
Scope: local. Debian sid: resolved (fixed in 11.8.2-2).
CVE-2019-9732 | P3 | CRITICAL | CVSS 9.8 | fixed in gitlab 11.8.2-2 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
Scope: local. Debian sid: resolved (fixed in 11.8.2-2).
CVE-2020-8113 | P3 | CRITICAL | CVSS 9.8 | fixed in gitlab 12.6.8-3 (sid) | 2020
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.
Scope: local. Debian sid: resolved (fixed in 12.6.8-3).
CVE-2020-10074 | P3 | CRITICAL | CVSS 9.8 | fixed in gitlab 12.6.8-3 (sid) | 2020
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link.
Scope: local. Debian sid: resolved (fixed in 12.6.8-3).
CVE-2022-0751 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands.
Scope: local. Debian sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2024-1299 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 16.8.4-1 (sid) | 2024
A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with the custom role `manage_group_access_tokens` to rotate group access tokens with owner privileges.
Scope: local. Debian sid: resolved (fixed in 16.8.4-1).
CVE-2019-15575 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019
A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.
Scope: local. Debian sid: resolved (fixed in 12.6.8-3).
CVE-2018-17452 | P3 | CRITICAL | CVSS 9.8 | fixed in gitlab 11.1.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.
Scope: local. Debian sid: resolved (fixed in 11.1.8+dfsg-2).
CVE-2024-8754 | P3 | MEDIUM | CVSS 6.4 | fixed in gitlab 17.3.5-3 (sid) | 2024
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows an attacker to squat on accounts by linking arbitrary unclaimed provider identities when JWT authentication is configured.
Scope: local. Debian sid: resolved (fixed in 17.3.5-3).
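The "fixed in ... (sid)" column is only actionable once it is compared with the version actually installed, and that comparison has to follow dpkg's ordering (epoch first, "~" sorting before everything including end of string, "+dfsg"/"+ds1" suffixes sorting after the bare upstream version) rather than a naive string or tuple compare. The Python below is an added example, not code from cvebase or from Debian's tooling: it reimplements dpkg's version comparison and runs the twenty entries transcribed from this page against an installed version string. The FIXED_IN_SID table covers only this page, not the full 863-CVE set, and the sample installed version 17.3.5-2 is a constructed input. The fix versions are for sid; a stable or oldstable gitlab package may carry the same fix by backport under a different version number, so treat a hit as a prompt to read the Debian security tracker entry for that CVE, not as proof of exposure.

```python
"""Compare an installed Debian gitlab version with the 'fixed in (sid)'
versions listed on this page, using dpkg's own ordering rules.

Added example; not part of the cvebase page or of Debian's tooling.
"""
import re

# Transcribed from the entries on this page only (page 4 of 44), so this is
# not the complete set of 863 CVEs for the debian/gitlab package.
FIXED_IN_SID = {
    "CVE-2019-15585": "12.6.8-3",
    "CVE-2019-12428": "12.6.8-3",
    "CVE-2017-12426": "9.5.4+dfsg-7",
    "CVE-2019-5883": "11.3.11+dfsg-1",
    "CVE-2019-5468": "12.6.8-3",
    "CVE-2024-9693": "17.3.5-3",
    "CVE-2020-13270": "13.2.3-2",
    "CVE-2021-22203": "15.10.8+ds1-2",
    "CVE-2024-2651": "17.3.5-2",
    "CVE-2024-8641": "17.3.5-2",
    "CVE-2023-1708": "15.10.8+ds1-2",
    "CVE-2019-9756": "11.8.2-2",
    "CVE-2019-9732": "11.8.2-2",
    "CVE-2020-8113": "12.6.8-3",
    "CVE-2020-10074": "12.6.8-3",
    "CVE-2022-0751": "15.10.8+ds1-2",
    "CVE-2024-1299": "16.8.4-1",
    "CVE-2019-15575": "12.6.8-3",
    "CVE-2018-17452": "11.1.8+dfsg-2",
    "CVE-2024-8754": "17.3.5-3",
}


def _order(c):
    """dpkg's character weight for non-digit runs: '~' sorts before anything
    (even end of string, which is weighted 0), letters sort before all other
    characters, and a digit is weighted 0 because digit runs are compared
    numerically elsewhere."""
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two version fragments the way dpkg's verrevcmp() does:
    alternate a lexical (weighted) comparison of non-digit runs with a
    numeric comparison of digit runs, until one side wins or both end."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: stop at the first differing weight; end of string is 0.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return (ac > bc) - (ac < bc)
            i += 1
            j += 1
        # Digit run: compare numerically (leading zeros are irrelevant).
        da = re.match(r"\d*", a[i:]).group()
        db = re.match(r"\d*", b[j:]).group()
        i += len(da)
        j += len(db)
        na, nb = int(da or "0"), int(db or "0")
        if na != nb:
            return (na > nb) - (na < nb)
    return 0


def _split(version):
    """Split '[epoch:]upstream[-debian_revision]'. A missing epoch is 0; a
    missing revision is the empty string, which dpkg treats as equal to '0'."""
    epoch = 0
    if ":" in version:
        e, _, version = version.partition(":")
        epoch = int(e)
    if "-" in version:
        upstream, _, revision = version.rpartition("-")
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def dpkg_compare(a, b):
    """Return -1, 0 or 1 with the same ordering as `dpkg --compare-versions`."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def unfixed(installed, table=FIXED_IN_SID):
    """CVE IDs from `table` whose fixing version is newer than `installed`."""
    return {cve for cve, fixed in table.items() if dpkg_compare(installed, fixed) < 0}


if __name__ == "__main__":
    import sys
    # Pass the output of: dpkg-query -W -f='${Version}' gitlab
    # The default below is a constructed sample, not a real host's version.
    installed = sys.argv[1] if len(sys.argv) > 1 else "17.3.5-2"
    for cve in sorted(unfixed(installed)):
        print(f"{cve}: fixed in sid at {FIXED_IN_SID[cve]}, installed {installed}")
```

Run it with the output of `dpkg-query -W -f='${Version}' gitlab` as the argument. The ordering details matter: "15.10.8+ds1-2" is newer than "15.10.8-1" because "+" sorts after end of string, while "1.0~rc1-1" is older than "1.0-1" because "~" sorts before it; a plain string comparison gets the second case wrong.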
Debian Gitlab vulnerabilities | cvebase