Debian Gitlab vulnerabilities
1,325 known vulnerabilities affecting debian/gitlab.

Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 196, MEDIUM 630, LOW 456

Vulnerabilities
Page 52 of 67
CVE-2019-9174 | CRITICAL | CVSS 10.0 | fixed in gitlab 11.8.2-2 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.
Scope: local
sid: resolved (fixed in 11.8.2-2)
CVE-2019-9485 | CRITICAL | CVSS 9.8 | fixed in gitlab 11.8.2-2 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
Scope: local
sid: resolved (fixed in 11.8.2-2)
CVE-2019-6960 | CRITICAL | CVSS 9.8 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.
Scope: local
sid: resolved (fixed in 11.5.10+dfsg-1)
CVE-2019-9732 | CRITICAL | CVSS 9.8 | fixed in gitlab 11.8.2-2 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 11.8.2-2)
CVE-2019-9756 | CRITICAL | CVSS 9.8 | fixed in gitlab 11.8.2-2 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.
Scope: local
sid: resolved (fixed in 11.8.2-2)
CVE-2019-13121 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019 | debian
An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 12.6.8-3)
CVE-2019-6782 | HIGH | CVSS 7.5 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed.
Scope: local
sid: resolved (fixed in 11.5.10+dfsg-1)
CVE-2019-10640 | HIGH | CVSS 7.5 | fixed in gitlab 11.8.6+dfsg-1 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.
Scope: local
sid: resolved (fixed in 11.8.6+dfsg-1)
CVE-2019-15583 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019 | debian
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.
Scope: local
sid: resolved (fixed in 12.6.8-3)
CVE-2019-5468 | HIGH | CVSS 8.8 | fixed in gitlab 12.6.8-3 (sid) | 2019 | debian
A privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.
Scope: local
sid: resolved (fixed in 12.6.8-3)
CVE-2019-6240 | HIGH | CVSS 7.5 | fixed in gitlab 11.5.7+dfsg-1 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.
Scope: local
sid: resolved (fixed in 11.5.7+dfsg-1)
CVE-2019-9222 | HIGH | CVSS 8.1 | fixed in gitlab 11.8.2-2 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
Scope: local
sid: resolved (fixed in 11.8.2-2)
CVE-2019-5462 | HIGH | CVSS 8.8 | fixed in gitlab 12.6.8-3 (sid) | 2019 | debian
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
Scope: local
sid: resolved (fixed in 12.6.8-3)
CVE-2019-12441 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained an access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 12.6.8-3)
CVE-2019-15722 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.
Scope: local
sid: resolved (fixed in 12.6.8-3)
CVE-2019-9220 | HIGH | CVSS 7.5 | fixed in gitlab 11.8.2-2 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.
Scope: local
sid: resolved (fixed in 11.8.2-2)
CVE-2019-6783 | HIGH | CVSS 8.8 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution.
Scope: local
sid: resolved (fixed in 11.5.10+dfsg-1)
CVE-2019-15728 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.
Scope: local
sid: resolved (fixed in 12.6.8-3)
CVE-2019-18460 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 12.6.8-3)
CVE-2019-18455 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019 | debian
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop.
Scope: local
sid: resolved (fixed in 12.6.8-3)