GitLab 16.3.0 Enterprise Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*
part: a version: 16.3.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | enterprise |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.305772 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-4647 |
vulnerable | 2026-06-03 14:53:29.236698 |
Allocation of Resources Without Limits or Throttling in GitLab
MEDIUM (5.3)
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.
Published: 2023-09-01T10:30:27.108Z
Updated: 2026-06-02T04:13:14.397Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4630 |
vulnerable | 2026-06-03 14:53:29.196221 |
Missing Authorization in GitLab
MEDIUM (5)
An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports.
Published: 2023-09-11T13:01:02.519Z
Updated: 2026-06-02T04:13:09.394Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4378 |
vulnerable | 2026-06-03 14:53:27.888023 |
Insertion of Sensitive Information Into Sent Data in GitLab
MEDIUM (5.5)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365.
Published: 2023-09-01T10:30:31.991Z
Updated: 2026-04-24T04:06:57.149Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4018 |
vulnerable | 2026-06-03 14:53:26.932760 |
Direct Request ('Forced Browsing') in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects.
Published: 2023-09-01T10:30:41.985Z
Updated: 2026-04-27T04:06:36.504Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3950 |
vulnerable | 2026-06-03 14:52:42.203949 |
Cleartext Storage of Sensitive Information in GitLab
MEDIUM (5.5)
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.
Published: 2023-09-01T10:30:46.990Z
Updated: 2026-05-06T04:05:52.878Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3915 |
vulnerable | 2026-06-03 14:52:42.132571 |
Incorrect Execution-Assigned Permissions in GitLab
MEDIUM (6.5)
An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects.
Published: 2023-09-01T10:01:16.853Z
Updated: 2026-05-13T04:04:58.023Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3914 |
vulnerable | 2026-06-03 14:52:42.131936 |
Incorrect User Management in GitLab
MEDIUM (5.4)
A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.
Published: 2023-09-29T06:02:21.304Z
Updated: 2026-04-28T04:04:57.469Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3210 |
vulnerable | 2026-06-03 14:52:40.188499 |
Inefficient Regular Expression Complexity in GitLab
MEDIUM (6.5)
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.
Published: 2023-09-01T10:31:06.983Z
Updated: 2025-11-20T04:07:08.262Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3205 |
vulnerable | 2026-06-03 14:52:40.182421 |
Inefficient Regular Expression Complexity in GitLab
MEDIUM (6.5)
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.
Published: 2023-09-01T10:01:26.675Z
Updated: 2025-11-20T04:07:03.335Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-1555 |
vulnerable | 2026-06-03 14:48:55.734195 |
Missing Authorization in GitLab
LOW (2.7)
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.
Published: 2023-09-01T10:01:36.711Z
Updated: 2025-11-20T04:06:28.258Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-1279 |
vulnerable | 2026-06-03 14:48:54.205546 |
URL Redirection to Untrusted Site in GitLab
LOW (2.6)
An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.
Published: 2023-09-01T10:01:41.677Z
Updated: 2025-11-20T04:06:18.262Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0120 |
vulnerable | 2026-06-03 14:48:45.659215 |
Incorrect Authorization in GitLab
LOW (3.5)
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user.
Published: 2023-09-01T10:01:51.685Z
Updated: 2025-11-20T04:05:58.275Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4343 |
vulnerable | 2026-06-03 14:48:35.548535 |
Exposure of Sensitive Information to an Unauthorized Actor in GitLab
MEDIUM (5)
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.
Published: 2023-09-01T10:01:56.677Z
Updated: 2025-11-20T04:05:53.441Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.