Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110
Vulnerabilities
Page 40 of 44
CVE-2023-1210 | P4 | LOW | CVSS 3.1 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2024-5469 | P4 | LOW | CVSS 3.1 | fixed in gitlab 17.3.5-2 (sid) | 2024
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.
Scope: local
sid: resolved (fixed in 17.3.5-2)
debian
CVE-2023-3443 | P4 | LOW | CVSS 3.1 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2024-6685 | P4 | LOW | CVSS 3.1 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.
Scope: local
sid: resolved (fixed in 17.3.5-2)
debian
CVE-2025-1540 | P4 | LOW | CVSS 3.1 | fixed in gitlab 17.6.5-1 (sid) | 2025
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances.
Scope: local
sid: resolved (fixed in 17.6.5-1)
debian
CVE-2021-39910 | P4 | LOW | CVSS 2.6 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-2013 | P4 | LOW | CVSS 2.6 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning n
debian
CVE-2023-1555 | P4 | LOW | CVSS 2.7 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2021-22239 | P4 | MEDIUM | CVSS 5.0 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An unauthorized user was able to insert metadata when creating a new issue on GitLab CE/EE 14.0 and later.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2021-39886 | P4 | LOW | CVSS 2.6 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Permission rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7, allowing users to read confidential Epic references.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2023-4630 | P4 | MEDIUM | CVSS 5.0 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
CVE-2024-8974 | P4 | LOW | CVSS 2.6 | fixed in gitlab 17.3.5-3 (sid) | 2024
Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1. In specific conditions it was possible to disclose to an unauthorised user the path of a private project.
Scope: local
sid: resolved (fixed in 17.3.5-3)
debian
CVE-2021-22187 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.2.3-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions of GitLab EE/CE before 13.6.7. A potential resource exhaustion issue allowed running or pending jobs to continue even after the project was deleted.
Scope: local
sid: resolved (fixed in 13.2.3-2)
debian
CVE-2019-5466 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label names.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2021-39905 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2019-6789 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user.
Scope:
debian
CVE-2019-6794 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch.
Scope: local
sid: resolved (fixed in 11.5.10+dfsg-1)
debian
CVE-2020-10975 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.2.3-2 (sid) | 2020
GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page.
Scope: local
sid: resolved (fixed in 13.2.3-2)
debian
CVE-2020-10979 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.2.3-2 (sid) | 2020
GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.
Scope: local
sid: resolved (fixed in 13.2.3-2)
debian
CVE-2019-12432 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian