Debian Gitlab vulnerabilities

1,325 known vulnerabilities affecting debian/gitlab.

Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 196, MEDIUM 630, LOW 456

Vulnerabilities

Page 50 of 67
CVE-2020-7972 | LOW | CVSS 7.5 | 2020
[HIGH] gitlab - GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). Scope: local; sid: resolved.

CVE-2020-13305 | LOW | CVSS 3.5 | fixed in gitlab 13.2.8-1 (sid) | 2020
[LOW] gitlab - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project. Scope: local; sid: resolved (fixed in 13.2.8-1).

CVE-2020-13348 | LOW | CVSS 5.7 | 2020
[MEDIUM] gitlab - An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, =13.4, =13.5, <13.5.2. Scope: local; sid: resolved.

CVE-2020-6833 | LOW | CVSS 7.5 | 2020
[HIGH] gitlab - An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. Scope: local; sid: resolved.

CVE-2020-13342 | LOW | CVSS 2.7 | fixed in gitlab 13.2.10-1 (sid) | 2020
[LOW] gitlab - An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email. Scope: local; sid: resolved (fixed in 13.2.10-1).

CVE-2020-13267 | LOW | CVSS 6.1 | 2020
[MEDIUM] gitlab - A Stored Cross-Site Scripting vulnerability allowed the execution of Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1. Scope: local; sid: resolved.

CVE-2020-10073 | LOW | CVSS 7.5 | 2020
[HIGH] gitlab - GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. Scope: local; sid: resolved.

CVE-2020-13297 | LOW | CVSS 3.8 | fixed in gitlab 13.2.8-1 (sid) | 2020
[LOW] gitlab - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint. Scope: local; sid: resolved (fixed in 13.2.8-1).

CVE-2020-10088 | LOW | CVSS 8.1 | 2020
[HIGH] gitlab - GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. Scope: local; sid: resolved.

CVE-2020-13315 | LOW | CVSS 3.7 | fixed in gitlab 13.2.8-1 (sid) | 2020
[LOW] gitlab - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service. Scope: local; sid: resolved (fixed in 13.2.8-1).

CVE-2020-10083 | LOW | CVSS 9.1 | 2020
[CRITICAL] gitlab - GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. Scope: local; sid: resolved.

CVE-2020-13286 | LOW | CVSS 6.4 | 2020
[MEDIUM] gitlab - For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. Scope: local; sid: resolved.

CVE-2020-7976 | LOW | CVSS 5.3 | 2020
[MEDIUM] gitlab - GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. Scope: local; sid: resolved.

CVE-2020-7967 | LOW | CVSS 4.3 | 2020
[MEDIUM] gitlab - GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). Scope: local; sid: resolved.

CVE-2020-10084 | LOW | CVSS 5.3 | 2020
[MEDIUM] gitlab - GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace. Scope: local; sid: resolved.

CVE-2020-13302 | LOW | CVSS 3.8 | fixed in gitlab 13.2.8-1 (sid) | 2020
[LOW] gitlab - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password. Scope: local; sid: resolved (fixed in 13.2.8-1).

CVE-2020-7969 | LOW | CVSS 7.5 | 2020
[HIGH] gitlab - GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. Scope: local; sid: resolved.

CVE-2020-26416 | LOW | CVSS 4.0 | 2020
[MEDIUM] gitlab - Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to =13.5 to =13.6 to <13.6.2. Scope: local; sid: resolved.

CVE-2020-26412 | LOW | CVSS 3.1 | 2020
[LOW] gitlab - Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. Scope: local; sid: resolved.

CVE-2020-13268 | LOW | CVSS 5.3 | 2020
[MEDIUM] gitlab - A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1. Scope: local; sid: resolved.
Debian Gitlab vulnerabilities | cvebase