Debian Gitlab vulnerabilities

863 known vulnerabilities affecting debian/gitlab.

Total CVEs: 863
CISA KEV: 4 (actively exploited)
Public exploits: 18
Exploited in wild: 7
Severity breakdown: CRITICAL 43, HIGH 158, MEDIUM 552, LOW 110

Vulnerabilities

Page 9 of 44
CVE-2022-1413 [MEDIUM] P3, CVSS 5.4, 2022 - fixed in gitlab 15.10.8+ds1-2 (sid)
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2020-13323 [HIGH] P3, CVSS 7.7, 2020 - fixed in gitlab 13.2.3-2 (sid)
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions private merge requests could be read via Todos.
Scope: local; sid: resolved (fixed in 13.2.3-2)
CVE-2019-15730 [HIGH] P3, CVSS 7.5, 2019 - fixed in gitlab 12.6.8-3 (sid)
An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server.
Scope: local; sid: resolved (fixed in 12.6.8-3)
CVE-2023-2198 [HIGH] P3, CVSS 7.5, 2023 - fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2023-2132 [HIGH] P3, CVSS 7.5, 2023 - fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service was possible by sending crafted payloads to the preview_markdown endpoint.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2023-2199 [HIGH] P3, CVSS 7.5, 2023 - fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2019-12441 [HIGH] P3, CVSS 7.5, 2019 - fixed in gitlab 12.6.8-3 (sid)
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained an access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control.
Scope: local; sid: resolved (fixed in 12.6.8-3)
CVE-2023-3424 [HIGH] P3, CVSS 7.5, 2023 - fixed in gitlab 15.11.11+ds1-1 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.
Scope: local; sid: resolved (fixed in 15.11.11+ds1-1)
CVE-2019-13121 [HIGH] P3, CVSS 7.5, 2019 - fixed in gitlab 12.6.8-3 (sid)
An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control.
Scope: local; sid: resolved (fixed in 12.6.8-3)
CVE-2018-17449 [HIGH] P3, CVSS 7.5, 2018 - fixed in gitlab 11.1.8+dfsg-2 (sid)
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference.
Scope: local; sid: resolved (fixed in 11.1.8+dfsg-2)
CVE-2018-18641 [CRITICAL] P3, CVSS 9.8, 2018 - fixed in gitlab 11.2.8+dfsg-2 (sid)
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.
Scope: local; sid: resolved (fixed in 11.2.8+dfsg-2)
CVE-2018-17455 [HIGH] P3, CVSS 7.5, 2018 - fixed in gitlab 11.1.8+dfsg-2 (sid)
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.
Scope: local; sid: resolved (fixed in 11.1.8+dfsg-2)
CVE-2021-22230 [MEDIUM] P3, CVSS 4.9, 2021 - fixed in gitlab 15.10.8+ds1-2 (sid)
Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2023-5226 [MEDIUM] P3, CVSS 4.8, 2023 - fixed in gitlab 16.4.4+ds2-2 (sid)
An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor could bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI.
Scope: local; sid: resolved (fixed in 16.4.4+ds2-2)
CVE-2023-0121 [MEDIUM] P3, CVSS 6.5, 2023 - fixed in gitlab 15.10.8+ds1-2 (sid)
A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-39908 [MEDIUM] P3, CVSS 6.5, 2021 - fixed in gitlab 15.10.8+ds1-2 (sid)
In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2023-6386 [MEDIUM] P3, CVSS 6.5, 2023 - fixed in gitlab 16.6.7-1 (sid)
A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation.
Scope: local; sid: resolved (fixed in 16.6.7-1)
CVE-2022-2326 [MEDIUM] P3, CVSS 6.4, 2022 - fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using another user's email address as an unverified secondary email.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2021-22200 [MEDIUM] P3, CVSS 5.9, 2021 - fixed in gitlab 15.10.8+ds1-2 (sid)
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user.
Scope: local; sid: resolved (fixed in 15.10.8+ds1-2)
CVE-2019-9220 [HIGH] P3, CVSS 7.5, 2019 - fixed in gitlab 11.8.2-2 (sid)
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.
Scope: local; sid: resolved (fixed in 11.8.2-2)