Information on source package gitlab

Available versions

Release  Version
sid  11.5.10+dfsg-1

Resolved issues

Bug  Description
TEMP-0902726-51ACFE  gitlab: Content injection via username
TEMP-0902726-3BBE24  gitlab: Activity feed publicly displaying internal project names
TEMP-0900522-A18AAE  gitlab: include directive in .gitlab-ci.yml allows SSRF requests
TEMP-0900522-7DE480  gitlab: Arbitrary assignment of project fields using Import project
TEMP-0900522-4405E2  gitlab: Removing public deploy keys regression
TEMP-0900522-3AD97C  gitlab: Permissions issue in Merge Requests Create Service
TEMP-0900522-298D01  gitlab: Persistent XSS - Multiple locations of user selection drop downs
TEMP-0900522-27F98D  gitlab: Persistent XSS - Selecting users as allowed merge request approvers
TEMP-0894867-E5064B  Confidential issue comments in Slack, Mattermost, and webhook integrations
TEMP-0000000-DE2DCD  gitlab: Missing CSRF in System Hooks
TEMP-0000000-077068  gitlab: Persistent XSS in Pipeline Tooltip
CVE-2019-7353  Leak of Confidential Issue and Merge Request Titles
CVE-2019-7176
CVE-2019-7155
CVE-2019-6997
CVE-2019-6996
CVE-2019-6995
CVE-2019-6960
CVE-2019-6797
CVE-2019-6796
CVE-2019-6795
CVE-2019-6794
CVE-2019-6793
CVE-2019-6792
CVE-2019-6791
CVE-2019-6790
CVE-2019-6789
CVE-2019-6788
CVE-2019-6787
CVE-2019-6786
CVE-2019-6785
CVE-2019-6784
CVE-2019-6783
CVE-2019-6782
CVE-2019-6781
CVE-2019-6240  Arbitrary repo read in Gitlab project import
CVE-2018-9244  GitLab Community and Enterprise Editions version 9.2 up to 10.4 are ...
CVE-2018-9243  GitLab Community and Enterprise Editions version 8.4 up to 10.4 are ...
CVE-2018-8971  The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, ...
CVE-2018-8801  GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...
CVE-2018-3710  Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable ...
CVE-2018-20507  Missing authentication for Prometheus alert endpoint
CVE-2018-20501  Missing authorization control merge requests
CVE-2018-20500  Improper access control CI/CD settings
CVE-2018-20499  SSRF in project imports with LFS
CVE-2018-20498  Improper access control branches and tags
CVE-2018-20497  SSRF repository mirroring
CVE-2018-20496  Persistent XSS label reference
CVE-2018-20495  CI job token LFS error message disclosure
CVE-2018-20494  Guest user CI job disclosure
CVE-2018-20493  Source code disclosure merge request diff
CVE-2018-20492  Todos improper access control
CVE-2018-20491  Persistent XSS wiki in IE browser
CVE-2018-20490  Persistent XSS Autocompletion
CVE-2018-20489  URL rel attribute not set
CVE-2018-20488  Secret CI variable exposure
CVE-2018-20229
CVE-2018-20144  Arbitrary File read in GitLab project import with Git LFS
CVE-2018-19585
CVE-2018-19584
CVE-2018-19583
CVE-2018-19582
CVE-2018-19581
CVE-2018-19580
CVE-2018-19579
CVE-2018-19578
CVE-2018-19577
CVE-2018-19576
CVE-2018-19575
CVE-2018-19574
CVE-2018-19573
CVE-2018-19572
CVE-2018-19571
CVE-2018-19570
CVE-2018-19569
CVE-2018-19496
CVE-2018-19495
CVE-2018-19494
CVE-2018-19493
CVE-2018-19359  Unauthorized service template creation
CVE-2018-18843  The Kubernetes integration in GitLab Enterprise Edition 11.x before ...
CVE-2018-18649  An issue was discovered in the wiki API in GitLab Community and ...
CVE-2018-18648  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18647  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18646  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18645  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18644  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18643  Persistent XSS autocomplete
CVE-2018-18642  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18641  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18640  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-17976  An issue was discovered in GitLab Community Edition 11.x before ...
CVE-2018-17975  An issue was discovered in GitLab Community Edition 11.x before ...
CVE-2018-17939  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-17537  Persistent XSS package.json
CVE-2018-17536  Persistent XSS merge request project import
CVE-2018-17455  IDOR merge request approvals
CVE-2018-17454  Persistent XSS on issue details
CVE-2018-17453  GRPC::Unknown logging token disclosure
CVE-2018-17452  validate_localhost function in url_blocker.rb could be bypassed
CVE-2018-17451  Slack integration CSRF Oauth2
CVE-2018-17450  SSRF GCP access token disclosure
CVE-2018-17449  Confidential information disclosure in events API endpoint
CVE-2018-16051  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-16050  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-16049  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-16048  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-15472  Diff formatter DoS in Sidekiq jobs
CVE-2018-14606  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14605  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14604  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14603  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14602  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14601  An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14364  GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before ...
CVE-2018-12607  An issue was discovered in GitLab Community Edition and Enterprise ...
CVE-2018-12606  An issue was discovered in GitLab Community Edition and Enterprise ...
CVE-2018-12605  An issue was discovered in GitLab Community Edition and Enterprise ...
CVE-2018-10379  An issue was discovered in GitLab Community Edition (CE) and Enterprise ...
CVE-2017-8778  GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 ...
CVE-2017-17716  GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate ...
CVE-2017-12426  GitLab Community Edition (CE) and Enterprise Edition (EE) before ...
CVE-2017-11438  GitLab Community Edition (CE) and Enterprise Edition (EE) before ...
CVE-2017-11437  GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, ...
CVE-2017-0927  Gitlab Community Edition version 10.3 is vulnerable to an improper ...
CVE-2017-0926  Gitlab Community Edition version 10.3 is vulnerable to an improper ...
CVE-2017-0925  Gitlab Enterprise Edition version 10.1.0 is vulnerable to an ...
CVE-2017-0924  Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...
CVE-2017-0923  Gitlab Community Edition version 9.1 is vulnerable to lack of input ...
CVE-2017-0922  Gitlab Enterprise Edition version 10.3 is vulnerable to an ...
CVE-2017-0921  GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...
CVE-2017-0920  GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...
CVE-2017-0919  GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...
CVE-2017-0918  Gitlab Community Edition version 10.3 is vulnerable to a path ...
CVE-2017-0917  Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...
CVE-2017-0916  Gitlab Community Edition version 10.3 is vulnerable to a lack of input ...
CVE-2017-0915  Gitlab Community Edition version 10.2.4 is vulnerable to a lack of ...
CVE-2017-0914  Gitlab Community and Enterprise Editions version 10.1, 10.2, and ...
CVE-2017-0882  Multiple versions of GitLab expose sensitive user credentials when ...
CVE-2016-9469  Multiple versions of GitLab expose a dangerous method to any ...
CVE-2016-9086  GitLab versions 8.9.x and above contain a critical security flaw in the ...
CVE-2016-4340  The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 ...
CVE-2014-8540  The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote ...
CVE-2013-7316  Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other ...
CVE-2013-4583
CVE-2013-4582  Local file inclusion vulnerability
CVE-2013-4581  GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise ...
CVE-2013-4580  GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise ...
CVE-2013-4546  The repository import feature in gitlab-shell before 1.7.4, as used in ...
CVE-2013-4490  The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ...
CVE-2013-4489  The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x ...

Security announcements

DSA / DLA  Description
DSA-4206-2  gitlab - regression update
DSA-4206-1  gitlab - security update
DSA-4145-1  gitlab - security update
