Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110
Vulnerabilities
Page 5 of 44
CVE-2020-13356 [HIGH] gitlab | P3 | CVSS 8.2 | fixed in gitlab 13.3.9-1 (sid) | 2020
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, =13.4, =13.5, <13.5.2.
Scope: local
sid: resolved (fixed in 13.3.9-1)
CVE-2018-5158 [HIGH] firefox | P3 | CVSS 8.8 | fixed in firefox 60.0-1 (sid) | 2018
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
Scope: local
sid: resolved (fixed in 60.0-1)
CVE-2020-10980 [CRITICAL] gitlab | P3 | CVSS 9.8 | fixed in gitlab 13.2.3-2 (sid) | 2020
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
Scope: local
sid: resolved (fixed in 13.2.3-2)
CVE-2019-9485 [CRITICAL] gitlab | P3 | CVSS 9.8 | fixed in gitlab 11.8.2-2 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
Scope: local
sid: resolved (fixed in 11.8.2-2)
CVE-2022-0427 [HIGH] gitlab | P3 | CVSS 7.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf, leading to potential account takeover.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2023-4008 [MEDIUM] gitlab | P3 | CVSS 5.3 | fixed in gitlab 16.0.8+ds1-1 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, and all versions starting from 16.2 before 16.2.2. It was possible to take over GitLab Pages with unique domain URLs if the random string added was known.
Scope: local
sid: resolved (fixed in 16.0.8+ds1-1)
CVE-2019-9217 [CRITICAL] gitlab | P3 | CVSS 9.8 | fixed in gitlab 11.8.2-2 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.
Scope: local
sid: resolved (fixed in 11.8.2-2)
CVE-2020-13292 [CRITICAL] gitlab | P3 | CVSS 9.6 | fixed in gitlab 13.2.3-2 (sid) | 2020
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass the e-mail verification that is required for the OAuth flow.
Scope: local
sid: resolved (fixed in 13.2.3-2)
CVE-2024-4901 [HIGH] gitlab | P3 | CVSS 8.7 | fixed in gitlab 17.3.5-2 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes.
Scope: local
sid: resolved (fixed in 17.3.5-2)
CVE-2017-0926 [HIGH] gitlab | P3 | CVSS 8.8 | fixed in gitlab 10.5.5+dfsg-1 (sid) | 2017
GitLab Community Edition version 10.3 is vulnerable to an improper authorization issue in the OAuth sign-in component, resulting in unauthorized user login.
Scope: local
sid: resolved (fixed in 10.5.5+dfsg-1)
CVE-2019-15589 [HIGH] gitlab | P3 | CVSS 8.8 | fixed in gitlab 12.6.8-3 (sid) | 2019
An improper access control vulnerability exists in GitLab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user to use git clone and pull if they had obtained a CI/CD token before being blocked.
Scope: local
sid: resolved (fixed in 12.6.8-3)
CVE-2021-39937 [MEDIUM] gitlab | P3 | CVSS 5.9 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2 leads to potential elevated privileges in groups and projects under rare circumstances.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2020-13355 [HIGH] gitlab | P3 | CVSS 7.5 | fixed in gitlab 13.3.9-1 (sid) | 2020
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal in LFS Upload allows an attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, =13.4, =13.5, <13.5.2.
Scope: local
sid: resolved (fixed in 13.3.9-1)
CVE-2019-9218 [CRITICAL] gitlab | P3 | CVSS 9.8 | fixed in gitlab 11.8.2-2 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5).
Scope: local
sid: resolved (fixed in 11.8.2-2)
CVE-2019-12443 [CRITICAL] gitlab | P3 | CVSS 9.8 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by insufficient validation to prevent DNS rebinding attacks.
Scope: local
sid: resolved (fixed in 12.6.8-3)
CVE-2022-2826 [LOW] gitlab | P3 | CVSS 2.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2023-0756 [MEDIUM] gitlab | P3 | CVSS 4.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitra
CVE-2022-3726 [MEDIUM] gitlab | P3 | CVSS 4.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Lack of sandboxing of OpenAPI documents in GitLab CE/EE, affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to trick a user into clicking on the Swagger OpenAPI viewer and issuing HTTP requests that affect the victim's account.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2019-9890 [CRITICAL] gitlab | P3 | CVSS 9.1 | fixed in gitlab 11.8.2-2 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
Scope: local
sid: resolved (fixed in 11.8.2-2)
CVE-2020-13312 [MEDIUM] gitlab | P3 | CVSS 6.5 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.
Scope: local
sid: resolved (fixed in 13.2.8-1)