GCVE - cpe:2.3:a:gitlab:gitlab:16.0.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:16.0.0:*:*:*:community:*:*:*

part: a version: 16.0.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.305674

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-2825`	vulnerable	2026-06-03 14:51:44.086103	Details available CRITICAL (10) An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. Published: 2023-05-26T00:00:00.000Z Updated: 2025-01-15T15:45:18.054Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/412371 https://hackerone.com/reports/1994725 https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.