gitlab-operator-fips vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the gitlab-operator-fips package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-wh39-vq4j-xpj4	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
H Improper Authentication	<2.6.1-r1
M CVE-2019-15737	<2.6.1-r1
L GHSA-qgvm-92m2-j87g	<2.6.1-r1
L GHSA-mhvv-m4rg-2pmj	<2.6.1-r1
L GHSA-mv85-vhf6-fp37	<2.6.1-r1
L Authorization Bypass Through User-Controlled Key	<2.6.1-r1
C Server-Side Request Forgery (SSRF)	<2.6.1-r1
M Information Exposure	<2.6.1-r1
M Cleartext Transmission of Sensitive Information	<2.6.1-r1
L GHSA-4w67-c2v7-mc9w	<2.6.1-r1
M Incorrect Permission Assignment for Critical Resource	<2.6.1-r1
L GHSA-cw76-xvhc-pwcw	<2.6.1-r1
L GHSA-3wvx-cc6q-7chr	<2.6.1-r1
L GHSA-2gpm-g93x-8fr4	<2.6.1-r1
L GHSA-q6h4-g972-8qqw	<2.6.1-r1
L GHSA-p79f-679r-6p3w	<2.6.1-r1
L GHSA-4cj3-9m97-2989	<2.6.1-r1
H Authorization Bypass Through User-Controlled Key	<2.6.1-r1
H Directory Traversal	<2.6.1-r1
L GHSA-gw3x-gpwc-g528	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
M Improper Input Validation	<2.6.1-r1
L GHSA-66cv-679x-3ffv	<2.6.1-r1
M Improper Restriction of Excessive Authentication Attempts	<2.6.1-r1
C CVE-2019-9485	<2.6.1-r1
L GHSA-94fv-wxc5-f8vm	<2.6.1-r1
M Authorization Bypass Through User-Controlled Key	<2.6.1-r1
L GHSA-j6mw-w229-ppqm	<2.6.1-r1
H Arbitrary Command Injection	<2.6.1-r1
L GHSA-jc72-5mcm-wv54	<2.6.1-r1
L GHSA-2jcr-4r89-72r6	<2.6.1-r1
L GHSA-h7pc-v4hv-wjwm	<2.6.1-r1
L GHSA-cr8m-4w78-jxp2	<2.6.1-r1
L GHSA-3p78-2x5r-gjpp	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
L GHSA-6j9g-hv65-w2mh	<2.6.1-r1
L GHSA-2w2f-9xfg-pc7q	<2.6.1-r1
L GHSA-7992-h6p9-pc8m	<2.6.1-r1
L GHSA-wm64-hhrx-w2h7	<2.6.1-r1
M Improper Input Validation	<2.6.1-r1
C CVE-2019-9217	<2.6.1-r1
L GHSA-wmcm-x8vj-qqp7	<2.6.1-r1
L GHSA-gx75-66mx-pjmm	<2.6.1-r1
M CVE-2019-9178	<2.6.1-r1
H Missing Authentication for Critical Function	<2.6.1-r1
L GHSA-g592-5fxh-qhrv	<2.6.1-r1
H Resource Exhaustion	<2.6.1-r1
M CVE-2019-19260	<2.6.1-r1
H Allocation of Resources Without Limits or Throttling	<2.6.1-r1
L GHSA-qrcv-45vg-jfwm	<2.6.1-r1
M Information Exposure	<2.6.1-r1
L GHSA-pqhq-pv8w-43hj	<2.6.1-r1
L GHSA-g927-v8jh-hjfq	<2.6.1-r1
L GHSA-v9h3-mqgc-w575	<2.6.1-r1
H Resource Exhaustion	<2.6.1-r1
L GHSA-55ff-j47x-6xcq	<2.6.1-r1
L GHSA-pg9r-mg67-jxwg	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
H CVE-2018-15472	<2.6.1-r1
H Missing Authorization	<2.6.1-r1
M Information Exposure	<2.6.1-r1
H Cross-site Request Forgery (CSRF)	<2.6.1-r1
H Resource Exhaustion	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
L CVE-2025-61729	<2.6.1-r1
L GHSA-26w4-3wx5-pc45	<2.6.1-r1
L GHSA-74mh-x92q-wp74	<2.6.1-r1
L GHSA-wmfr-vxm2-px6q	<2.6.1-r1
L Information Exposure	<2.6.1-r1
L GHSA-x79q-qfgr-wrvw	<2.6.1-r1
M Information Exposure	<2.6.1-r1
L GHSA-54fp-mchx-c7m5	<2.6.1-r1
L GHSA-fvw3-2rq4-x8qv	<2.6.1-r1
M Cross-site Request Forgery (CSRF)	<2.6.1-r1
L GHSA-vwxf-55xh-p3xf	<2.6.1-r1
L GHSA-7c64-f9jr-v9h2	<2.6.1-r1
M Missing Authorization	<2.6.1-r1
L GHSA-97gm-qxrm-c6w2	<2.6.1-r1
H Cross-site Request Forgery (CSRF)	<2.6.1-r1
M Open Redirect	<2.6.1-r1
L Missing Authorization	<2.6.1-r1
H HTTP Request Smuggling	<2.6.1-r1
L GHSA-23rp-cxj2-cgcm	<2.6.1-r1
L GHSA-6p8w-9h2c-mmf6	<2.6.1-r1
L GHSA-6w2q-694x-ccv5	<2.6.1-r1
L GHSA-562h-vcm3-9w8r	<2.6.1-r1
L GHSA-8w99-w8qh-2732	<2.6.1-r1
L GHSA-r86w-x85m-w6rj	<2.6.1-r1
L GHSA-p66q-2x4m-xxx9	<2.6.1-r1
L GHSA-rvxr-qvvc-m3g5	<2.6.1-r1
M Information Exposure	<2.6.1-r1
M Incorrect Permission Assignment for Critical Resource	<2.6.1-r1
L GHSA-v7wh-rwr5-886x	<2.6.1-r1
H Directory Traversal	<2.6.1-r1
C CVE-2019-9218	<2.6.1-r1
H CVE-2020-10087	<2.6.1-r1
L GHSA-ff73-cwc3-6v5j	<2.6.1-r1
L GHSA-4jm7-cxrm-w3f4	<2.6.1-r1
M CVE-2020-10081	<2.6.1-r1
L GHSA-54h4-gjc6-h34h	<2.6.1-r1
L GHSA-v6wj-hx5h-fhwp	<2.6.1-r1
M Incorrect Permission Assignment for Critical Resource	<2.6.1-r1
M Authorization Bypass Through User-Controlled Key	<2.6.1-r1
L GHSA-6gjc-rr77-h8h6	<2.6.1-r1
L GHSA-4vjw-pw4f-26mc	<2.6.1-r1
L GHSA-p46f-r59p-v4jf	<2.6.1-r1
L GHSA-fvvr-8pf3-2fhf	<2.6.1-r1
L GHSA-4v9p-4wgj-v3f6	<2.6.1-r1
M CVE-2019-9172	<2.6.1-r1
M Server-Side Request Forgery (SSRF)	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
L GHSA-q439-vprm-5c8j	<2.6.1-r1
L GHSA-79q9-8ff3-x4g2	<2.6.1-r1
H Directory Traversal	<2.6.1-r1
L GHSA-6v4w-cqrg-xv3g	<2.6.1-r1
L GHSA-4j42-wq8q-c389	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
L GHSA-2358-4vrj-w4hc	<2.6.1-r1
L GHSA-c459-gw6c-ch4j	<2.6.1-r1
H Arbitrary Command Injection	<2.6.1-r1
L GHSA-9q79-pqhq-v25q	<2.6.1-r1
M CVE-2019-19257	<2.6.1-r1
H Directory Traversal	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
L GHSA-2h39-hw8g-2q24	<2.6.1-r1
L GHSA-533c-ppxj-mjqj	<2.6.1-r1
L GHSA-vp89-phvm-4cjr	<2.6.1-r1
H Information Exposure	<2.6.1-r1
M CVE-2019-15726	<2.6.1-r1
L GHSA-84hw-r4c9-fp45	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
L GHSA-wxm8-9v8q-cpxr	<2.6.1-r1
M Incorrect Permission Assignment for Critical Resource	<2.6.1-r1
L GHSA-hxvp-f87c-vpq8	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
M Incorrect Permission Assignment for Critical Resource	<2.6.1-r1
M Arbitrary Code Injection	<2.6.1-r1
H Improper Input Validation	<2.6.1-r1
M Incorrect Permission Assignment for Critical Resource	<2.6.1-r1
L GHSA-cfwx-6jvv-mvcm	<2.6.1-r1
L GHSA-9v48-rxrr-h9qh	<2.6.1-r1
M CVE-2019-6795	<2.6.1-r1
M Improper Privilege Management	<2.6.1-r1
M Information Exposure	<2.6.1-r1
L GHSA-h5fq-66m8-wp4v	<2.6.1-r1
M CVE-2019-18448	<2.6.1-r1
M Server-Side Request Forgery (SSRF)	<2.6.1-r1
M Integer Overflow or Wraparound	<2.6.1-r1
L GHSA-f4ff-rc49-g8hc	<2.6.1-r1
L GHSA-8395-cmcp-8vmc	<2.6.1-r1
L GHSA-jwfx-6cm3-63qg	<2.6.1-r1
L GHSA-c354-rm47-933j	<2.6.1-r1
L GHSA-9r3x-jfv9-5w6c	<2.6.1-r1
M CVE-2019-15591	<2.6.1-r1
L GHSA-h4mq-8rq4-7m7x	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
L GHSA-4w7w-4ppq-m6f2	<2.6.1-r1
H Authorization Bypass Through User-Controlled Key	<2.6.1-r1
L GHSA-8xwc-6h6p-hh69	<2.6.1-r1
L GHSA-mf63-gqmm-mv3v	<2.6.1-r1
H Information Exposure	<2.6.1-r1
M Arbitrary Command Injection	<2.6.1-r1
L GHSA-4fv6-2265-mqxm	<2.6.1-r1
C Directory Traversal	<2.6.1-r1
C Server-Side Request Forgery (SSRF)	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
L GHSA-475m-qj5v-hvq3	<2.6.1-r1
L GHSA-qjfq-84f6-v57x	<2.6.1-r1
L GHSA-wq7h-qgq6-wjqm	<2.6.1-r1
M Improper Authentication	<2.6.1-r1
L GHSA-g6g8-99m5-jj82	<2.6.1-r1
H CVE-2019-15589	<2.6.1-r1
L GHSA-v3p6-8992-mc58	<2.6.1-r1
H Inadequate Encryption Strength	<2.6.1-r1
H Missing Authorization	<2.6.1-r1
M Incorrect Permission Assignment for Critical Resource	<2.6.1-r1
L GHSA-mwvc-fhmm-47cq	<2.6.1-r1
H Resource Exhaustion	<2.6.1-r1
H Weak Password Recovery Mechanism for Forgotten Password	<2.6.1-r1
L GHSA-3rm3-2566-pgwv	<2.6.1-r1
L GHSA-q9g2-gp7g-r5fj	<2.6.1-r1
M Resource Exhaustion	<2.6.1-r1
M Cross-site Scripting (XSS)	<2.6.1-r1
H Information Exposure	<2.6.1-r1
M Improper Preservation of Permissions	<2.6.1-r1
L GHSA-cfp2-8mw9-wg68	<2.6.1-r1
M CVE-2018-17453	<2.6.1-r1
L Incorrect Execution-Assigned Permissions	<2.5.1-r1
L GHSA-m6hq-p25p-ffr2	<2.5.1-r1
L Memory Leak	<2.5.1-r1
L GHSA-pwhc-rpq9-4c8w	<2.5.1-r1

Vulnerability

Vulnerable Version

GHSA-wh39-vq4j-xpj4

<2.6.1-r1