Information on source package gitlab

Available versions

Release | Version
stretch (security) | 8.13.11+dfsg1-8+deb9u3
buster/contrib | 11.4.9+dfsg-2
sid | 11.5.4+dfsg-1

Open issues

Bug | stretch | buster | sid | Description
TEMP-0902726-51ACFE | vulnerable | fixed | fixed | gitlab: Content injection via username
TEMP-0894867-E5064B | vulnerable | fixed | fixed | Confidential issue comments in Slack, Mattermost, and webhook integrations
TEMP-0000000-DE2DCD | vulnerable | fixed | fixed | gitlab: Missing CSRF in System Hooks
CVE-2018-9243 | vulnerable | fixed | fixed | GitLab Community and Enterprise Editions version 8.4 up to 10.4 are ...
CVE-2018-8801 | vulnerable | fixed | fixed | GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...
CVE-2018-20144 | vulnerable | vulnerable | fixed | Arbitrary File read in GitLab project import with Git LFS
CVE-2018-19585 | vulnerable | fixed | fixed |
CVE-2018-19583 | vulnerable | fixed | fixed |
CVE-2018-19580 | vulnerable | fixed | fixed |
CVE-2018-19577 | vulnerable | fixed | fixed |
CVE-2018-19576 | vulnerable | fixed | fixed |
CVE-2018-19575 | vulnerable | fixed | fixed |
CVE-2018-19574 | vulnerable | fixed | fixed |
CVE-2018-19573 | vulnerable | fixed | fixed |
CVE-2018-19572 | vulnerable | fixed | fixed |
CVE-2018-19571 | vulnerable | fixed | fixed |
CVE-2018-19570 | vulnerable | fixed | fixed |
CVE-2018-19569 | vulnerable | fixed | fixed |
CVE-2018-19496 | vulnerable | fixed | fixed |
CVE-2018-19495 | vulnerable | fixed | fixed |
CVE-2018-19494 | vulnerable | fixed | fixed |
CVE-2018-19493 | vulnerable | fixed | fixed |
CVE-2018-19359 | vulnerable | fixed | fixed | Unauthorized service template creation
CVE-2018-18646 | vulnerable | fixed | fixed | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18645 | vulnerable | fixed | fixed | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18641 | vulnerable | fixed | fixed | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18640 | vulnerable | fixed | fixed | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-17976 | vulnerable | fixed | fixed | An issue was discovered in GitLab Community Edition 11.x before ...
CVE-2018-17975 | vulnerable | fixed | fixed | An issue was discovered in GitLab Community Edition 11.x before ...
CVE-2018-17939 | vulnerable | fixed | fixed | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-17455 | vulnerable | fixed | fixed | IDOR merge request approvals
CVE-2018-17452 | vulnerable | fixed | fixed | validate_localhost function in url_blocker.rb could be bypassed
CVE-2018-16051 | vulnerable | fixed | fixed | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-16049 | vulnerable | fixed | fixed | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-15472 | vulnerable | fixed | fixed | Diff formatter DoS in Sidekiq jobs
CVE-2018-14603 | vulnerable | fixed | fixed | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14364 | vulnerable | fixed | fixed | GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before ...
CVE-2018-12606 | vulnerable | fixed | fixed | An issue was discovered in GitLab Community Edition and Enterprise ...
CVE-2017-0921 | vulnerable | fixed | fixed | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...
CVE-2017-0919 | vulnerable | fixed | fixed | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...

Open unimportant issues

Bug | stretch | buster | sid | Description
CVE-2017-12426 | vulnerable | fixed | fixed | GitLab Community Edition (CE) and Enterprise Edition (EE) before ...

Resolved issues

Bug | Description
TEMP-0902726-3BBE24 | gitlab: Activity feed publicly displaying internal project names
TEMP-0900522-A18AAE | gitlab: include directive in .gitlab-ci.yml allows SSRF requests
TEMP-0900522-7DE480 | gitlab: Arbitrary assignment of project fields using Import project
TEMP-0900522-4405E2 | gitlab: Removing public deploy keys regression
TEMP-0900522-3AD97C | gitlab: Permissions issue in Merge Requests Create Service
TEMP-0900522-298D01 | gitlab: Persistent XSS - Multiple locations of user selection drop downs
TEMP-0900522-27F98D | gitlab: Persistent XSS - Selecting users as allowed merge request approvers
TEMP-0000000-077068 | gitlab: Persistent XSS in Pipeline Tooltip
CVE-2018-9244 | GitLab Community and Enterprise Editions version 9.2 up to 10.4 are ...
CVE-2018-8971 | The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, ...
CVE-2018-3710 | Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable ...
CVE-2018-19584 |
CVE-2018-19582 |
CVE-2018-19581 |
CVE-2018-19579 |
CVE-2018-19578 |
CVE-2018-18843 | The Kubernetes integration in GitLab Enterprise Edition 11.x before ...
CVE-2018-18649 | An issue was discovered in the wiki API in GitLab Community and ...
CVE-2018-18648 | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18647 | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18644 | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-18643 | Persistent XSS autocomplete
CVE-2018-18642 | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-17537 | Persistent XSS package.json
CVE-2018-17536 | Persistent XSS merge request project import
CVE-2018-17454 | Persistent XSS on issue details
CVE-2018-17453 | GRPC::Unknown logging token disclosure
CVE-2018-17451 | Slack integration CSRF Oauth2
CVE-2018-17450 | SSRF GCP access token disclosure
CVE-2018-17449 | Confidential information disclosure in events API endpoint
CVE-2018-16050 | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-16048 | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14606 | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14605 | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14604 | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14602 | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-14601 | An issue was discovered in GitLab Community and Enterprise Edition ...
CVE-2018-12607 | An issue was discovered in GitLab Community Edition and Enterprise ...
CVE-2018-12605 | An issue was discovered in GitLab Community Edition and Enterprise ...
CVE-2018-10379 | An issue was discovered in GitLab Community Edition (CE) and Enterprise ...
CVE-2017-8778 | GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 ...
CVE-2017-17716 | GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate ...
CVE-2017-11438 | GitLab Community Edition (CE) and Enterprise Edition (EE) before ...
CVE-2017-11437 | GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, ...
CVE-2017-0927 | Gitlab Community Edition version 10.3 is vulnerable to an improper ...
CVE-2017-0926 | Gitlab Community Edition version 10.3 is vulnerable to an improper ...
CVE-2017-0925 | Gitlab Enterprise Edition version 10.1.0 is vulnerable to an ...
CVE-2017-0924 | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...
CVE-2017-0923 | Gitlab Community Edition version 9.1 is vulnerable to lack of input ...
CVE-2017-0922 | Gitlab Enterprise Edition version 10.3 is vulnerable to an ...
CVE-2017-0920 | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...
CVE-2017-0918 | Gitlab Community Edition version 10.3 is vulnerable to a path ...
CVE-2017-0917 | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...
CVE-2017-0916 | Gitlab Community Edition version 10.3 is vulnerable to a lack of input ...
CVE-2017-0915 | Gitlab Community Edition version 10.2.4 is vulnerable to a lack of ...
CVE-2017-0914 | Gitlab Community and Enterprise Editions version 10.1, 10.2, and ...
CVE-2017-0882 | Multiple versions of GitLab expose sensitive user credentials when ...
CVE-2016-9469 | Multiple versions of GitLab expose a dangerous method to any ...
CVE-2016-9086 | GitLab versions 8.9.x and above contain a critical security flaw in the ...
CVE-2016-4340 | The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 ...
CVE-2014-8540 | The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote ...
CVE-2013-7316 | Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other ...
CVE-2013-4583 |
CVE-2013-4582 | Local file inclusion vulnerability
CVE-2013-4581 | GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise ...
CVE-2013-4580 | GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise ...
CVE-2013-4546 | The repository import feature in gitlab-shell before 1.7.4, as used in ...
CVE-2013-4490 | The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ...
CVE-2013-4489 | The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x ...

Security announcements

DSA / DLA | Description
DSA-4206-2 | gitlab - regression update
DSA-4206-1 | gitlab - security update
DSA-4145-1 | gitlab - security update
