Information on source package gitlab

Available versions

Release | Version
sid | 11.8.10+dfsg-1

Open issues

Bug | sid | Description
CVE-2019-5470 | vulnerable | Information Disclosure Vulnerability Feedback
CVE-2019-5469 | vulnerable | Arbitrary File Upload via Import Project Archive
CVE-2019-5468 | vulnerable | User Revocation Bypass with Mattermost Integration
CVE-2019-5466 | vulnerable | IDOR Label Name Enumeration
CVE-2019-5465 | vulnerable | Information Disclosure New Issue ID
CVE-2019-5464 | vulnerable | SSRF Mitigation Bypass
CVE-2019-5463 | vulnerable | An authorization issue was discovered in the GitLab CE/EE CI badge ima ...
CVE-2019-5462 | vulnerable | Trigger Token Impersonation
CVE-2019-5461 | vulnerable | An input validation problem was discovered in the GitHub service integ ...
CVE-2019-18463 | vulnerable |
CVE-2019-18462 | vulnerable |
CVE-2019-18461 | vulnerable |
CVE-2019-18460 | vulnerable |
CVE-2019-18459 | vulnerable |
CVE-2019-18458 | vulnerable |
CVE-2019-18457 | vulnerable |
CVE-2019-18455 | vulnerable |
CVE-2019-18454 | vulnerable |
CVE-2019-18453 | vulnerable |
CVE-2019-18452 | vulnerable |
CVE-2019-18451 | vulnerable |
CVE-2019-18450 | vulnerable |
CVE-2019-18449 | vulnerable |
CVE-2019-18448 | vulnerable |
CVE-2019-18447 | vulnerable |
CVE-2019-18446 | vulnerable |
CVE-2019-16170 | vulnerable | An issue was discovered in GitLab Enterprise Edition 11.x and 12.x bef ...
CVE-2019-15740 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition 7.9 ...
CVE-2019-15739 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...
CVE-2019-15737 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition thr ...
CVE-2019-15736 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition thr ...
CVE-2019-15734 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition 8.6 ...
CVE-2019-15733 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition 7.1 ...
CVE-2019-15730 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...
CVE-2019-15729 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...
CVE-2019-15728 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition 10. ...
CVE-2019-15727 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition 11. ...
CVE-2019-15726 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition thr ...
CVE-2019-15722 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...
CVE-2019-15721 | vulnerable | An issue was discovered in GitLab Community and Enterprise Edition 10. ...
CVE-2019-14944 | vulnerable | Multiple Command-Line Flag Injection Vulnerabilities
CVE-2019-14942 | vulnerable | Insecure Cookie Handling on GitLab Pages
CVE-2019-13121 | vulnerable | SSRF Vulnerability in Project GitHub Integration
CVE-2019-13011 | vulnerable | Merge Request Template Name Disclosure
CVE-2019-13010 | vulnerable | Decoding Color Codes Caused Resource Depletion
CVE-2019-13009 | vulnerable | Broken Access Control for the Content of Personal Snippets
CVE-2019-13006 | vulnerable | Number of Merge Requests was Accessible
CVE-2019-13003 | vulnerable | Resource Exhaustion Attack
CVE-2019-12446 | vulnerable | Repository Password Disclosed on Import Error Page
CVE-2019-12445 | vulnerable | Stored Cross-Site Scripting on Notes
CVE-2019-12444 | vulnerable | Stored Cross-Site Scripting on Wiki Pages
CVE-2019-12443 | vulnerable | Server-Side Request Forgery Through DNS Rebinding
CVE-2019-12442 | vulnerable | Stored Cross-Site Scripting Vulnerability on Child Epics
CVE-2019-12441 | vulnerable | Protected Branches Restriction Rules Bypass
CVE-2019-12434 | vulnerable | Private Project Discovery via Comment Links
CVE-2019-12433 | vulnerable | Internal Projects Allowed to Be Created in Private Groups
CVE-2019-12432 | vulnerable | Confidential Issue Titles Revealed to Restricted Users on Unsubscribe
CVE-2019-12431 | vulnerable | Disclosure of Milestone Metadata through the Search API
CVE-2019-12428 | vulnerable | Mandatory External Authentication Provider Sign-In Restrictions Bypass

Resolved issues

Bug | Description
TEMP-0902726-51ACFE | gitlab: Content injection via username
TEMP-0902726-3BBE24 | gitlab: Activity feed publicly displaying internal project names
TEMP-0900522-A18AAE | gitlab: include directive in .gitlab-ci.yml allows SSRF requests
TEMP-0900522-7DE480 | gitlab: Arbitrary assignment of project fields using Import project
TEMP-0900522-4405E2 | gitlab: Removing public deploy keys regression
TEMP-0900522-3AD97C | gitlab: Permissions issue in Merge Requests Create Service
TEMP-0900522-298D01 | gitlab: Persistent XSS - Multiple locations of user selection drop downs
TEMP-0900522-27F98D | gitlab: Persistent XSS - Selecting users as allowed merge request approvers
TEMP-0894867-E5064B | Confidential issue comments in Slack, Mattermost, and webhook integrations
TEMP-0000000-DE2DCD | gitlab: Missing CSRF in System Hooks
TEMP-0000000-077068 | gitlab: Persistent XSS in Pipeline Tooltip
CVE-2019-9890 | An issue was discovered in GitLab Community and Enterprise Edition 10. ...
CVE-2019-9866 | An issue was discovered in GitLab Community and Enterprise Edition 11. ...
CVE-2019-9756 | An issue was discovered in GitLab Community and Enterprise Edition 10. ...
CVE-2019-9732 | An issue was discovered in GitLab Community and Enterprise Edition 10. ...
CVE-2019-9485 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9225 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9224 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9223 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9222 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9221 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9220 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9219 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9218 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9217 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9179 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9178 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9176 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9175 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9174 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9172 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9171 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-9170 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-7549 | An issue was discovered in GitLab Community and Enterprise Edition 10. ...
CVE-2019-7353 | An Incorrect Access Control issue was discovered in GitLab Community a ...
CVE-2019-7176 | An issue was discovered in GitLab Community and Enterprise Edition 8.x ...
CVE-2019-7155 | An issue was discovered in GitLab Community and Enterprise Edition 9.x ...
CVE-2019-6997 | An issue was discovered in GitLab Community and Enterprise Edition 10. ...
CVE-2019-6996 | An issue was discovered in GitLab Enterprise Edition 10.x (starting in ...
CVE-2019-6995 | An issue was discovered in GitLab Community and Enterprise Edition 8.x ...
CVE-2019-6960 | An issue was discovered in GitLab Community and Enterprise Edition 9.x ...
CVE-2019-6797 | An information disclosure issue was discovered in GitLab Enterprise Ed ...
CVE-2019-6796 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6795 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6794 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6793 | An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11 ...
CVE-2019-6792 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6791 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6790 | An Incorrect Access Control (issue 2 of 3) issue was discovered in Git ...
CVE-2019-6789 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6788 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6787 | An Incorrect Access Control issue was discovered in GitLab Community a ...
CVE-2019-6786 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6785 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6784 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6783 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6782 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-6781 | An Improper Input Validation issue was discovered in GitLab Community ...
CVE-2019-6240 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-5883 | An Incorrect Access Control issue was discovered in GitLab Community a ...
CVE-2019-5474 | Override Merge Request Approval Rules
CVE-2019-5473 | An authentication issue was discovered in GitLab that allowed a bypass ...
CVE-2019-5472 | Denial Of Service Epic Comments
CVE-2019-5471 | An input validation and output encoding issue was discovered in the Gi ...
CVE-2019-5467 | An input validation and output encoding issue was discovered in the Gi ...
CVE-2019-18456 |
CVE-2019-15738 | An issue was discovered in GitLab Community and Enterprise Edition 12. ...
CVE-2019-15732 | An issue was discovered in GitLab Community and Enterprise Edition 12. ...
CVE-2019-15731 | An issue was discovered in GitLab Community and Enterprise Edition 12. ...
CVE-2019-15725 | An issue was discovered in GitLab Community and Enterprise Edition 12. ...
CVE-2019-15724 | An issue was discovered in GitLab Community and Enterprise Edition 11. ...
CVE-2019-15723 | An issue was discovered in GitLab Community and Enterprise Edition 11. ...
CVE-2019-14943 | An issue was discovered in GitLab Community and Enterprise Edition 12. ...
CVE-2019-13007 | Enabling One of the Service Templates Could Cause Resource Depletion
CVE-2019-13005 | Authorization Issues in GraphQL
CVE-2019-13004 | Error Caused by Encoded Characters in Comments
CVE-2019-13002 | Recent Pipeline Information Disclosed to Unauthorised Users
CVE-2019-13001 | Ability to Write a Note to a Private Snippet
CVE-2019-12430 | Remote Command Execution Vulnerability on Repository Download Feature
CVE-2019-12429 | Metadata of Confidential Issues Disclosed to Restricted Users
CVE-2019-11605 | An issue was discovered in GitLab Community and Enterprise Edition 11. ...
CVE-2019-11549 | An issue was discovered in GitLab Community and Enterprise Edition 9.x ...
CVE-2019-11548 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-11547 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-11546 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-11545 | An issue was discovered in GitLab Community Edition 11.9.x before 11.9 ...
CVE-2019-11544 | An issue was discovered in GitLab Community and Enterprise Edition 8.x ...
CVE-2019-11000 | An issue was discovered in GitLab Enterprise Edition before 11.7.11, 1 ...
CVE-2019-10640 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-10117 | An Open Redirect issue was discovered in GitLab Community and Enterpri ...
CVE-2019-10116 | An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab ...
CVE-2019-10115 | An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab ...
CVE-2019-10114 | An Information Exposure issue (issue 2 of 2) was discovered in GitLab ...
CVE-2019-10113 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-10112 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-10111 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2019-10110 | An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab ...
CVE-2019-10109 | An Information Exposure issue (issue 1 of 2) was discovered in GitLab ...
CVE-2019-10108 | An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Co ...
CVE-2018-9244 | GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vu ...
CVE-2018-9243 | GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vu ...
CVE-2018-8971 | The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, a ...
CVE-2018-8801 | GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...
CVE-2018-5158 | The PDF viewer does not sufficiently sanitize PostScript calculator fu ...
CVE-2018-3710 | Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable ...
CVE-2018-20507 | Missing authentication for Prometheus alert endpoint
CVE-2018-20501 | Missing authorization control merge requests
CVE-2018-20500 | An insecure permissions issue was discovered in GitLab Community and E ...
CVE-2018-20499 | SSRF in project imports with LFS
CVE-2018-20498 | Improper access control branches and tags
CVE-2018-20497 | SSRF repository mirroring
CVE-2018-20496 | Persistent XSS label reference
CVE-2018-20495 | CI job token LFS error message disclosure
CVE-2018-20494 | Guest user CI job disclosure
CVE-2018-20493 | Source code disclosure merge request diff
CVE-2018-20492 | Todos improper access control
CVE-2018-20491 | Persistent XSS wiki in IE browser
CVE-2018-20490 | Persistent XSS Autocompletion
CVE-2018-20489 | URL rel attribute not set
CVE-2018-20488 | Secret CI variable exposure
CVE-2018-20229 | GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before ...
CVE-2018-20144 | GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x be ...
CVE-2018-19856 | GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before ...
CVE-2018-19585 | GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11 ...
CVE-2018-19584 | GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 ...
CVE-2018-19583 | GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4 ...
CVE-2018-19582 | GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affe ...
CVE-2018-19581 | GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, ...
CVE-2018-19580 | All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not sen ...
CVE-2018-19579 | GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability ...
CVE-2018-19578 | GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure ob ...
CVE-2018-19577 | Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...
CVE-2018-19576 | GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...
CVE-2018-19575 | GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11. ...
CVE-2018-19574 | GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...
CVE-2018-19573 | GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11. ...
CVE-2018-19572 | GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-c ...
CVE-2018-19571 | GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11. ...
CVE-2018-19570 | GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11 ...
CVE-2018-19569 | GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4 ...
CVE-2018-19496 | An issue was discovered in GitLab Community and Enterprise Edition 10. ...
CVE-2018-19495 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-19494 | An issue was discovered in GitLab Community and Enterprise Edition 11. ...
CVE-2018-19493 | An issue was discovered in GitLab Community and Enterprise Edition 11. ...
CVE-2018-19359 | GitLab Community and Enterprise Edition 8.9 and later and before 11.5. ...
CVE-2018-18843 | The Kubernetes integration in GitLab Enterprise Edition 11.x before 11 ...
CVE-2018-18649 | An issue was discovered in the wiki API in GitLab Community and Enterp ...
CVE-2018-18648 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-18647 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-18646 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-18645 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-18644 | An issue was discovered in GitLab Community and Enterprise Edition 11. ...
CVE-2018-18643 | GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and ...
CVE-2018-18642 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-18641 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-18640 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-17976 | An issue was discovered in GitLab Community Edition 11.x before 11.1.8 ...
CVE-2018-17975 | An issue was discovered in GitLab Community Edition 11.x before 11.1.8 ...
CVE-2018-17939 | An issue was discovered in GitLab Community and Enterprise Edition 11. ...
CVE-2018-17537 | Persistent XSS package.json
CVE-2018-17536 | Persistent XSS merge request project import
CVE-2018-17455 | IDOR merge request approvals
CVE-2018-17454 | Persistent XSS on issue details
CVE-2018-17453 | GRPC::Unknown logging token disclosure
CVE-2018-17452 | validate_localhost function in url_blocker.rb could be bypassed
CVE-2018-17451 | Slack integration CSRF Oauth2
CVE-2018-17450 | SSRF GCP access token disclosure
CVE-2018-17449 | Confidential information disclosure in events API endpoint
CVE-2018-16051 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-16050 | An issue was discovered in GitLab Community and Enterprise Edition 11. ...
CVE-2018-16049 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-16048 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-15472 | Diff formatter DoS in Sidekiq jobs
CVE-2018-14606 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-14605 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-14604 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-14603 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-14602 | An issue was discovered in GitLab Community and Enterprise Edition bef ...
CVE-2018-14601 | An issue was discovered in GitLab Community and Enterprise Edition 11. ...
CVE-2018-14364 | GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 1 ...
CVE-2018-12607 | An issue was discovered in GitLab Community Edition and Enterprise Edi ...
CVE-2018-12606 | An issue was discovered in GitLab Community Edition and Enterprise Edi ...
CVE-2018-12605 | An issue was discovered in GitLab Community Edition and Enterprise Edi ...
CVE-2018-10379 | An issue was discovered in GitLab Community Edition (CE) and Enterpris ...
CVE-2017-8778 | GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 h ...
CVE-2017-17716 | GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verifi ...
CVE-2017-12426 | GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17. ...
CVE-2017-11438 | GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.1 ...
CVE-2017-11437 | GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, an ...
CVE-2017-0927 | Gitlab Community Edition version 10.3 is vulnerable to an improper aut ...
CVE-2017-0926 | Gitlab Community Edition version 10.3 is vulnerable to an improper aut ...
CVE-2017-0925 | Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insuffici ...
CVE-2017-0924 | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...
CVE-2017-0923 | Gitlab Community Edition version 9.1 is vulnerable to lack of input va ...
CVE-2017-0922 | Gitlab Enterprise Edition version 10.3 is vulnerable to an authorizati ...
CVE-2017-0921 | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...
CVE-2017-0920 | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...
CVE-2017-0919 | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...
CVE-2017-0918 | Gitlab Community Edition version 10.3 is vulnerable to a path traversa ...
CVE-2017-0917 | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...
CVE-2017-0916 | Gitlab Community Edition version 10.3 is vulnerable to a lack of input ...
CVE-2017-0915 | Gitlab Community Edition version 10.2.4 is vulnerable to a lack of inp ...
CVE-2017-0914 | Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2. ...
CVE-2017-0882 | Multiple versions of GitLab expose sensitive user credentials when ass ...
CVE-2016-9469 | Multiple versions of GitLab expose a dangerous method to any authentic ...
CVE-2016-9086 | GitLab versions 8.9.x and above contain a critical security flaw in th ...
CVE-2016-4340 | The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 th ...
CVE-2014-8540 | The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authen ...
CVE-2013-7316 | Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versi ...
CVE-2013-4583 |
CVE-2013-4582 | Local file inclusion vulnerability
CVE-2013-4581 | GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Ed ...
CVE-2013-4580 | GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Ed ...
CVE-2013-4546 | The repository import feature in gitlab-shell before 1.7.4, as used in ...
CVE-2013-4490 | The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ...
CVE-2013-4489 | The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x befo ...

Security announcements

DSA / DLA | Description
DSA-4206-2 | gitlab - regression update
DSA-4206-1 | gitlab - security update
DSA-4145-1 | gitlab - security update
