cvebase

Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 41 of 44
CVE-2020-10981 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 13.2.3-2 (sid) | 2020
GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. Scope: local; sid: resolved (fixed in 13.2.3-2)

CVE-2019-18446 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2). Scope: local; sid: resolved (fixed in 12.6.8-3)

CVE-2023-3246 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attacker to block Sidekiq job processor. Scope: local; sid: resolved (fixed in 16.4.4+ds2-2)

CVE-2024-9367 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs. Scope: local; sid: resolved (fixed in 17.5.5-1)

CVE-2023-4532 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of. Scope: local; sid: resolved (fixed in 16.4.4+ds2-2)

CVE-2025-0290 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.5.5-1 (sid) | 2025
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive. Scope: local; sid: resolved (fixed in 17.5.5-1)

CVE-2021-22231 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows an attacker to reject access to their profile page by using a specially crafted username. Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2019-5461 | P4 | LOW | CVSS 3.5 | fixed in gitlab 12.6.8-3 (sid) | 2019
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. Scope: local; sid: resolved (fixed in 12.6.8-3)

CVE-2020-13305 | P4 | LOW | CVSS 3.5 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project. Scope: local; sid: resolved (fixed in 13.2.8-1)

CVE-2022-0488 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes. Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2021-39914 | P4 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user. Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2020-12276 | P4 | MEDIUM | CVSS 4.8 | fixed in gitlab 13.2.3-2 (sid) | 2020
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. Scope: local; sid: resolved (fixed in 13.2.3-2)

CVE-2018-18645 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 11.2.8+dfsg-2 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. Scope: local; sid: resolved (fixed in 11.2.8+dfsg-2)

CVE-2021-22258 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses. Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2021-39873 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response. Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)

CVE-2019-15577 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. Scope: local; sid: resolved (fixed in 12.6.8-3)

CVE-2019-18450 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions. Scope: local; sid: resolved (fixed in 12.6.8-3)

CVE-2019-18462 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. Scope: local; sid: resolved (fixed in 12.6.8-3)

CVE-2019-18463 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). Scope: local; sid: resolved (fixed in 12.6.8-3)

CVE-2019-18447 | P4 | MEDIUM | CVSS 4.3 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions. Scope: local; sid: resolved (fixed in 12.6.8-3)
