
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 43 of 44
CVE-2019-9179 | P4 | LOW | CVSS 3.7 | fixed in gitlab 11.8.2-2 (sid) | 2019
gitlab: An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5). Scope: local. sid: resolved (fixed in 11.8.2-2).
CVE-2019-9171 | P4 | LOW | CVSS 3.7 | fixed in gitlab 11.8.2-2 (sid) | 2019
gitlab: An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5). Scope: local. sid: resolved (fixed in 11.8.2-2).
CVE-2022-2307 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
gitlab: A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, and all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2024-6446 | P4 | LOW | CVSS 3.5 | fixed in gitlab 17.3.5-2 (sid) | 2024
gitlab: An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim into trusting an attacker-controlled application. Scope: local. sid: resolved (fixed in 17.3.5-2).
CVE-2020-13308 | P4 | LOW | CVSS 2.7 | fixed in gitlab 13.2.8-1 (sid) | 2020
gitlab: A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2-factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2-factor authentication inheritance. Scope: local. sid: resolved (fixed in 13.2.8-1).
CVE-2023-3363 | P4 | LOW | CVSS 3.9 | fixed in gitlab 15.11.11+ds1-1 (sid) | 2023
gitlab: An information disclosure issue in GitLab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, and all versions from 16.1 prior to 16.1.1 resulted in the Sidekiq log including webhook tokens when the log format was set to `default`. Scope: local. sid: resolved (fixed in 15.11.11+ds1-1).
CVE-2020-13282 | P4 | LOW | CVSS 3.1 | fixed in gitlab 13.2.3-2 (sid) | 2020
gitlab: For GitLab before 13.0.12, 13.1.6 and 13.2.3, after a group transfer occurs, members from a parent group keep their access level on the subgroup, leading to improper access. Scope: local. sid: resolved (fixed in 13.2.3-2).
CVE-2021-39896 | P4 | LOW | CVSS 3.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab: In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2021-22193 | P4 | LOW | CVSS 3.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab: An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for a private project. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2023-1084 | P4 | LOW | CVSS 2.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
gitlab: An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, and all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner-level privileges using a crafted request. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2022-2456 | P4 | MEDIUM | CVSS 4.9 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
gitlab: An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, and all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2021-39945 | P4 | LOW | CVSS 2.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab: Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2 allows an author of a Merge Request to approve the Merge Request even after having their project access revoked. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2024-2880 | P4 | LOW | CVSS 2.7 | fixed in gitlab 17.3.5-2 (sid) | 2024
gitlab: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with the `admin_group_member` custom role permission could ban group members. Scope: local. sid: resolved (fixed in 17.3.5-2).
CVE-2021-22218 | P4 | LOW | CVSS 2.6 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab: All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof the author of signed commits. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2021-22245 | P4 | LOW | CVSS 2.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab: Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2024-0231 | P4 | LOW | CVSS 2.7 | fixed in gitlab 17.3.5-2 (sid) | 2024
gitlab: A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits. Scope: local. sid: resolved (fixed in 17.3.5-2).
CVE-2022-1111 | P4 | LOW | CVSS 2.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
gitlab: A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column on the project membership pages. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2021-39901 | P4 | LOW | CVSS 2.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
gitlab: In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
CVE-2020-13342 | P4 | LOW | CVSS 2.7 | fixed in gitlab 13.2.10-1 (sid) | 2020
gitlab: An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: lack of rate limiting when re-sending the confirmation email. Scope: local. sid: resolved (fixed in 13.2.10-1).
CVE-2019-18458 | P4 | LOW | CVSS 2.7 | fixed in gitlab 12.6.8-3 (sid) | 2019
gitlab: An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4). Scope: local. sid: resolved (fixed in 12.6.8-3).
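The "fixed in gitlab X (sid)" value in each row is a Debian package version, not an upstream GitLab version, and it describes the unstable suite only; whether a host is affected is decided by comparing its installed package version against that value under dpkg's ordering rules, where suffixes such as `+ds1` and `~bpo` do not sort the way a naive numeric or string comparison would. The following is an added example, not code from cvebase or from Debian: it re-implements the dpkg `verrevcmp` ordering in plain Python and checks an installed version against a handful of the fix versions listed on this page. The CVE records are copied from the rows above; the installed version strings in the usage section are constructed for illustration.

```python
"""Check an installed Debian gitlab version against the "fixed in" versions on
this page, using dpkg's version-ordering rules.

Added example, not cvebase's or Debian's code.  FIXED_IN_SID is copied from
the rows above; the installed versions under __main__ are constructed.
"""
import re
from itertools import zip_longest

# (CVE id, version of the Debian gitlab package in sid that carries the fix)
FIXED_IN_SID = [
    ("CVE-2019-9179", "11.8.2-2"),
    ("CVE-2022-2307", "15.10.8+ds1-2"),
    ("CVE-2024-6446", "17.3.5-2"),
    ("CVE-2020-13308", "13.2.8-1"),
    ("CVE-2023-3363", "15.11.11+ds1-1"),
    ("CVE-2023-1084", "15.10.8+ds1-2"),
    ("CVE-2024-0231", "17.3.5-2"),
    ("CVE-2019-18458", "12.6.8-3"),
]


def _order(c: str) -> int:
    """dpkg character weight: '~' sorts before the end of the string,
    letters before every other non-digit character; digits and end are 0."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a: str, b: str) -> int:
    """Compare an upstream or revision fragment like dpkg's verrevcmp():
    alternate non-digit runs (by character weight) and digit runs (numeric)."""
    while a or b:
        na = re.match(r"[^0-9]*", a).group(0)
        nb = re.match(r"[^0-9]*", b).group(0)
        for x, y in zip_longest(na, nb, fillvalue=""):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        a, b = a[len(na):], b[len(nb):]
        da = re.match(r"[0-9]*", a).group(0)
        db = re.match(r"[0-9]*", b).group(0)
        if int(da or "0") != int(db or "0"):
            return -1 if int(da or "0") < int(db or "0") else 1
        a, b = a[len(da):], b[len(db):]
    return 0


def parse_version(v: str):
    """Split a Debian version into (epoch, upstream, debian_revision)."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as `dpkg --compare-versions` would order a and b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def unfixed_cves(installed: str, table=FIXED_IN_SID):
    """CVE ids whose sid fix version is strictly newer than `installed`.
    Caveat: a backport rebuild of the fixed revision (e.g. 17.3.5-2~bpo12+1)
    sorts below 17.3.5-2 even though it carries the same source, so for
    backports confirm the fix in the package changelog instead."""
    return [cve for cve, fixed in table if compare_versions(installed, fixed) < 0]


if __name__ == "__main__":
    # Constructed installed versions; on a real host use:
    #   dpkg-query -W -f='${Version}\n' gitlab
    for v in ("15.10.8+ds1-2", "15.10.8-1", "17.3.5-2~bpo12+1", "17.3.5-2"):
        print(v, "->", unfixed_cves(v))
```

For production use prefer `dpkg --compare-versions` or `apt_pkg.version_compare` from python3-apt rather than a re-implementation, and remember that stable and oldstable are tracked per suite in the Debian security tracker: a sid fix version says nothing about whether the stable package has received a backported patch.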