
Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 8 of 44
CVE-2016-9086 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 8.13.3+dfsg1-2 (sid) | 2016
GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was mad
Source: debian
CVE-2020-13299 | P3 | HIGH | CVSS 8.1 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session.
Scope: local sid: resolved (fixed in 13.2.8-1)
Source: debian
CVE-2019-6240 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 11.5.7+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.
Scope: local sid: resolved (fixed in 11.5.7+dfsg-1)
Source: debian
CVE-2019-15729 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.
Scope: local sid: resolved (fixed in 12.6.8-3)
Source: debian
CVE-2019-5470 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019
An information disclosure issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.
Scope: local sid: resolved (fixed in 12.6.8-3)
Source: debian
CVE-2019-15728 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.
Scope: local sid: resolved (fixed in 12.6.8-3)
Source: debian
CVE-2022-3285 | P3 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2019-18460 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
Scope: local sid: resolved (fixed in 12.6.8-3)
Source: debian
CVE-2022-1510 | P3 | MEDIUM | CVSS 6.5 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.
Scope: local sid
Source: debian
CVE-2020-13304 | P3 | LOW | CVSS 3.8 | fixed in gitlab 13.2.8-1 (sid) | 2020
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same 2-factor authentication secret code was generated, which allowed an attacker to maintain access under certain conditions.
Scope: local sid: resolved (fixed in 13.2.8-1)
Source: debian
CVE-2019-18457 | P3 | HIGH | CVSS 8.8 | fixed in gitlab 12.6.8-3 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens. It has Insecure Permissions.
Scope: local sid: resolved (fixed in 12.6.8-3)
Source: debian
CVE-2022-2428 | P3 | MEDIUM | CVSS 6.4 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2018-3710 | P3 | HIGH | CVSS 7.8 | fixed in gitlab 10.5.5+dfsg-1 (sid) | 2018
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component, resulting in remote code execution.
Scope: local sid: resolved (fixed in 10.5.5+dfsg-1)
Source: debian
CVE-2020-13334 | P3 | MEDIUM | CVSS 5.9 | fixed in gitlab 13.2.10-1 (sid) | 2020
In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a mutation GraphQL query.
Scope: local sid: resolved (fixed in 13.2.10-1)
Source: debian
CVE-2022-3031 | P3 | LOW | CVSS 3.7 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2022
An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.
Scope: l
Source: debian
CVE-2021-22189 | P3 | MEDIUM | CVSS 5.9 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2021-22167 | P3 | MEDIUM | CVSS 5.3 | fixed in gitlab 15.10.8+ds1-2 (sid) | 2021
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in a specific project page allow an attacker to have temporary read access to the private repository.
Scope: local sid: resolved (fixed in 15.10.8+ds1-2)
Source: debian
CVE-2019-9223 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 11.8.2-2 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure.
Scope: local sid: resolved (fixed in 11.8.2-2)
Source: debian
CVE-2019-6782 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 11.5.10+dfsg-1 (sid) | 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed.
Scope: local sid: resolved (fixed in 11.5.10+dfsg-1)
Source: debian
CVE-2018-20494 | P3 | HIGH | CVSS 7.5 | fixed in gitlab 11.5.6+dfsg-1 (sid) | 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
Scope: local sid: resolved (fixed in 11.5.6+dfsg-1)
Source: debian