GCVE - cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*

part: a version: 16.3.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.305770

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-4647`	vulnerable	2026-06-03 14:53:29.236681	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (5.3) An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. Published: 2023-09-01T10:30:27.108Z Updated: 2026-06-02T04:13:14.397Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/414502	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-4630`	vulnerable	2026-06-03 14:53:29.196202	Missing Authorization in GitLab MEDIUM (5) An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports. Published: 2023-09-11T13:01:02.519Z Updated: 2026-06-02T04:13:09.394Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/415117	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-4378`	vulnerable	2026-06-03 14:53:27.888004	Insertion of Sensitive Information Into Sent Data in GitLab MEDIUM (5.5) An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365. Published: 2023-09-01T10:30:31.991Z Updated: 2026-04-24T04:06:57.149Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/422134 https://hackerone.com/reports/2104591	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-4018`	vulnerable	2026-06-03 14:53:26.931799	Direct Request ('Forced Browsing') in GitLab MEDIUM (4.3) An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects. Published: 2023-09-01T10:30:41.985Z Updated: 2026-04-27T04:06:36.504Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/420301 https://hackerone.com/reports/2083440	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3950`	vulnerable	2026-06-03 14:52:42.203929	Cleartext Storage of Sensitive Information in GitLab MEDIUM (5.5) An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it. Published: 2023-09-01T10:30:46.990Z Updated: 2026-05-06T04:05:52.878Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/419675 https://hackerone.com/reports/2079154	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3915`	vulnerable	2026-06-03 14:52:42.132550	Incorrect Execution-Assigned Permissions in GitLab MEDIUM (6.5) An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects. Published: 2023-09-01T10:01:16.853Z Updated: 2026-05-13T04:04:58.023Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/417664 https://hackerone.com/reports/2040834	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3210`	vulnerable	2026-06-03 14:52:40.188479	Inefficient Regular Expression Complexity in GitLab MEDIUM (6.5) An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content. Published: 2023-09-01T10:31:06.983Z Updated: 2025-11-20T04:07:08.262Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/415074 https://hackerone.com/reports/2011474	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3205`	vulnerable	2026-06-03 14:52:40.181314	Inefficient Regular Expression Complexity in GitLab MEDIUM (6.5) An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content. Published: 2023-09-01T10:01:26.675Z Updated: 2025-11-20T04:07:03.335Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/415067 https://hackerone.com/reports/2011464	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1555`	vulnerable	2026-06-03 14:48:55.734176	Missing Authorization in GitLab LOW (2.7) An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API. Published: 2023-09-01T10:01:36.711Z Updated: 2025-11-20T04:06:28.258Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/398587 https://hackerone.com/reports/1911908	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1279`	vulnerable	2026-06-03 14:48:54.204962	URL Redirection to Untrusted Site in GitLab LOW (2.6) An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project. Published: 2023-09-01T10:01:41.677Z Updated: 2025-11-20T04:06:18.262Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/395437 https://hackerone.com/reports/1889230	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0120`	vulnerable	2026-06-03 14:48:45.658649	Incorrect Authorization in GitLab LOW (3.5) An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user. Published: 2023-09-01T10:01:51.685Z Updated: 2025-11-20T04:05:58.275Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/387531 https://hackerone.com/reports/1818425	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.