Debian Gitlab vulnerabilities
863 known vulnerabilities affecting debian/gitlab.
Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110
Vulnerabilities
Page 7 of 44
CVE-2018-20144 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 11.5.4+dfsg-1 (sid) | 2018
GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.
Scope: local
sid: resolved (fixed in 11.5.4+dfsg-1)
debian
CVE-2017-0914 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 10.5.5+dfsg-1 (sid) | 2017
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.
Scope: local
sid: resolved (fixed in 10.5.5+dfsg-1)
debian
CVE-2020-10956 | P3 | CRITICAL | CVSS 9.8 | fixed in gitlab 13.2.3-2 (sid) | 2020
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
Scope: local
sid: resolved (fixed in 13.2.3-2)
debian
CVE-2022-2527 | P3 | HIGH | CVSS 7.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, and all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could be made to issue arbitrary requests.
Scope: local
debian
CVE-2019-5462 | P3 | HIGH | CVSS 8.8 | fixed in gitlab 12.6.8-3 (sid) | 2019
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
Scope: local
sid: resolved (fixed in 12.6.8-3)
debian
CVE-2024-7102 | P3 | CRITICAL | CVSS 9.6 | fixed in gitlab 17.5.5-1 (sid) | 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.
Scope: local
sid: resolved (fixed in 17.5.5-1)
debian
CVE-2023-2478 | P3 | CRITICAL | CVSS 9.6 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2020-13321 | P3 | HIGH | CVSS 8.3 | fixed in gitlab 13.2.3-2 (sid) | 2020
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added.
Scope: local
sid: resolved (fixed in 13.2.3-2)
debian
CVE-2022-0249 | P3 | LOW | CVSS 3.1 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2018-20229 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 11.5.5+dfsg-1 (sid) | 2018
GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal.
Scope: local
sid: resolved (fixed in 11.5.5+dfsg-1)
debian
CVE-2022-0136 | P3 | MEDIUM | CVSS 5.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
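Three entries above (CVE-2020-10956, CVE-2022-0136 and CVE-2022-0249) are SSRF findings in server-side fetch paths, and the last of them records the specific gap that requests to the shared address space were not blocked. The following is an added example, not GitLab's code: a destination check in Python that shows the naive filter letting a shared-space target through next to a hardened form that rejects it. The blocklist, the hostnames and the resolver table are constructed for the example; the filter generalises beyond the single range the entry names.

```python
"""SSRF destination check that treats RFC 6598 shared address space as internal.

Added example, not GitLab code. Hostnames, addresses and the resolver table
below are constructed for the demonstration.
"""
import ipaddress
from typing import Callable, Iterable, List
from urllib.parse import urlsplit

# Ranges a server-side fetcher must never reach: RFC 1918, loopback,
# link-local (cloud metadata sits at 169.254.169.254), multicast, reserved,
# and the RFC 6598 shared address space 100.64.0.0/10 (CGNAT and, on some
# clouds, metadata or internal services). Listed explicitly so the result
# does not depend on how a given Python release classifies each range.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def _normalise(addr: str):
    """Parse an IP literal; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the
    IPv4 rules apply to it rather than the looser IPv6 ones."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def naive_allows(addr: str) -> bool:
    """The gap: is_private/is_loopback/is_link_local alone. The ipaddress
    module classes 100.64.0.0/10 as neither private nor global, so a
    shared-space target passes this check."""
    ip = _normalise(addr)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def hardened_allows(addr: str) -> bool:
    """Explicit blocklist first, then require a globally routable address."""
    ip = _normalise(addr)
    if any(ip in net for net in BLOCKED_NETWORKS):
        return False
    return ip.is_global


def _is_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


Resolver = Callable[[str], Iterable[str]]


def url_is_safe(url: str, resolve: Resolver) -> bool:
    """Accept only http(s) URLs whose host resolves exclusively to allowed
    addresses; one internal record among several is enough to reject.
    Connect to the checked address afterwards rather than resolving again,
    or a second lookup can return something else."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname
    ips: List[str] = [host] if _is_literal(host) else list(resolve(host))
    return bool(ips) and all(hardened_allows(ip) for ip in ips)


# Constructed resolver standing in for DNS (no network access needed).
FAKE_DNS = {
    "mirror.example": ["93.184.216.34"],
    "metadata.internal.example": ["100.100.100.200"],   # inside 100.64.0.0/10
    "split.example": ["93.184.216.34", "10.0.0.5"],     # public plus private record
}


def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for target in ("93.184.216.34", "100.64.0.1", "::ffff:100.64.0.1", "169.254.169.254"):
        print(f"{target:>20}  naive={naive_allows(target)!s:5}  hardened={hardened_allows(target)}")
    for url in ("http://mirror.example/", "http://metadata.internal.example/", "http://split.example/"):
        print(f"{url:<36} safe={url_is_safe(url, fake_resolver)}")
```

The check is only as good as what happens after it: the fetcher has to connect to the address that was checked, follow redirects by re-running the check on each hop, and apply the same rule to IPv6 literals and IPv4-mapped forms, which is why `_normalise` unwraps them before the IPv4 ranges are consulted.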
CVE-2024-0410 | P3 | HIGH | CVSS 7.7 | fixed in gitlab 16.8.3-1 (sid) | 2024
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
Scope: local
sid: resolved (fixed in 16.8.3-1)
debian
CVE-2022-2251 | P3 | MEDIUM | CVSS 4.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2022-3060 | P3 | HIGH | CVSS 7.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2025-1212 | P3 | MEDIUM | CVSS 4.3 | fixed in gitlab 17.6.5-1 (sid) | 2025
An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.
Scope: local
sid: resolved (fixed in 17.6.5-1)
debian
CVE-2023-3441 | P3 | MEDIUM | CVSS 6.6 | fixed in gitlab 16.4.4+ds2-1 (sid) | 2023
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-1)
debian
CVE-2022-2533 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid
debian
CVE-2022-0741 | P3 | MEDIUM | CVSS 5.8 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
debian
CVE-2019-9222 | P3 | HIGH | CVSS 8.1 | fixed in gitlab 11.8.2-2 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
Scope: local
sid: resolved (fixed in 11.8.2-2)
debian
CVE-2023-3399 | P3 | HIGH | CVSS 8.5 | fixed in gitlab 16.4.4+ds2-2 (sid) | 2023
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.
Scope: local
sid: resolved (fixed in 16.4.4+ds2-2)
debian
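Most entries on this page state their affected range as "all versions starting from X before Y", while the Debian side reports a package version such as 16.4.4+ds2-1 that carries an epoch, a repack marker and a Debian revision on top of the upstream number. As an added example, not the tracker's code, here is a small Python checker that strips the Debian decorations and matches the upstream version against those ranges. The AFFECTED table is transcribed from six entries above and is only a subset of the page; INSTALLED is a constructed value standing in for the output of `dpkg-query -W -f='${Version}\n' gitlab`.

```python
"""Map the 'all versions starting from X before Y' ranges quoted on this page
onto an installed Debian gitlab package version.

Added example, not the tracker's code. AFFECTED is hand-transcribed from the
entries above and is a subset; INSTALLED is a constructed value.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# start inclusive, fixed exclusive, exactly as the entries phrase them.
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "CVE-2022-2527": [("14.9", "15.1.6"), ("15.2", "15.2.4"), ("15.3", "15.3.2")],
    "CVE-2023-2478": [("15.4", "15.9.7"), ("15.10", "15.10.6"), ("15.11", "15.11.2")],
    "CVE-2023-3399": [("11.6", "16.3.6"), ("16.4", "16.4.2"), ("16.5", "16.5.1")],
    "CVE-2024-0410": [("15.1", "16.7.6"), ("16.8", "16.8.3"), ("16.9", "16.9.1")],
    "CVE-2024-7102": [("16.4", "17.5.0")],
    "CVE-2025-1212": [("8.3", "17.6.5"), ("17.7", "17.7.4"), ("17.8", "17.8.2")],
}

# Optional epoch ("1:"), then the dotted upstream number; everything after
# it ("+dfsg-1", "+ds2-1", "-3") is Debian packaging, not upstream version.
_VERSION_RE = re.compile(r"^(?:\d+:)?(\d+(?:\.\d+)*)")


def parse_version(s: str) -> Version:
    """'16.4.4+ds2-1' -> (16, 4, 4); '1:15.10.8+dfsg-1' -> (15, 10, 8)."""
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unparseable version: {s!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(v: Version, width: int) -> Version:
    return v + (0,) * (width - len(v))


def in_range(v: Version, start: str, fixed: str) -> bool:
    """start <= v < fixed, comparing numerically component by component
    ('15.10' sorts after '15.9'; '16.4' means 16.4.0)."""
    s, f = parse_version(start), parse_version(fixed)
    width = max(len(v), len(s), len(f))
    return _pad(s, width) <= _pad(v, width) < _pad(f, width)


def affecting(installed: str) -> List[str]:
    """CVE IDs from AFFECTED whose ranges contain the installed upstream version."""
    v = parse_version(installed)
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(in_range(v, start, fixed) for start, fixed in ranges))


# Constructed stand-in for: dpkg-query -W -f='${Version}\n' gitlab
INSTALLED = "16.4.4+ds2-1"

if __name__ == "__main__":
    upstream = ".".join(str(x) for x in parse_version(INSTALLED))
    print(f"{INSTALLED} -> upstream {upstream}")
    for cve in affecting(INSTALLED):
        print("  in affected range:", cve)
```

Treat the result as a triage aid, not a verdict: Debian can ship a fix as a patch on top of an older upstream version without changing the upstream number, so the "sid: resolved (fixed in ...)" line on each entry is the authoritative statement for the Debian package, and the upstream range only tells you which entries to look at first.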