Debian Gitlab vulnerabilities
1,325 known vulnerabilities affecting debian/gitlab.
Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown
CRITICAL: 43 | HIGH: 196 | MEDIUM: 630 | LOW: 456
Vulnerabilities
Page 40 of 67
CVE-2021-39894 | MEDIUM | CVSS 5.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22184 | MEDIUM | CVSS 6.2 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22219 | MEDIUM | CVSS 4.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
Scope: local
sid: resolved (fixed in 15.10.8+ds1
debian
CVE-2021-22176 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22208 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39930 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22237 | MEDIUM | CVSS 6.6 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, and 14.1.2.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39942 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service.
Scope: local
sid: resolved (fixed in 15.1
debian
CVE-2021-39892 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39902 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39937 | MEDIUM | CVSS 5.9 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2 leads to potential elevated privileges in groups and projects under rare circumstances.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39940 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.
Scope: local
sid: resolved (fixed in 15.1
debian
CVE-2021-39932 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22210 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22196 | MEDIUM | CVSS 6.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site scripting vulnerability in merge requests via a specifically crafted branch name.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22179 | MEDIUM | CVSS 5.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to an SSRF attack through the Outbound Requests feature.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22256 | MEDIUM | CVSS 5.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-22257 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances.
Scope: local
sid: resolved (fixed in 15.
debian
CVE-2021-39872 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with an expired password to still access GitLab through git and the API using access tokens acquired before the password expired.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39945 | LOW | CVSS 2.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2 allows an author of a Merge Request to approve the Merge Request even after having their project access revoked.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian