GitLab 16.4.0 Community Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*
part: a version: 16.4.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.305790 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-5207 |
vulnerable | 2026-06-03 14:53:47.975478 |
Execution with Unnecessary Privileges in GitLab
HIGH (8.2)
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
Published: 2023-09-30T08:30:30.788Z
Updated: 2025-11-20T04:10:28.256Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5198 |
vulnerable | 2026-06-03 14:53:47.954444 |
Incorrect Authorization in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.
Published: 2023-09-29T07:01:42.219Z
Updated: 2026-05-17T04:06:13.122Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4532 |
vulnerable | 2026-06-03 14:53:28.448954 |
Incorrect Authorization in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of.
Published: 2023-09-29T06:02:01.299Z
Updated: 2026-04-26T04:06:54.749Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3979 |
vulnerable | 2026-06-03 14:52:42.287439 |
Incorrect Authorization in GitLab
LOW (3.1)
An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch.
Published: 2023-09-29T06:02:06.310Z
Updated: 2026-05-08T04:06:39.092Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3922 |
vulnerable | 2026-06-03 14:52:42.134342 |
URL Redirection to Untrusted Site ('Open Redirect') in GitLab
LOW (3)
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page.
Published: 2023-09-29T07:30:50.402Z
Updated: 2026-04-25T04:05:19.195Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3920 |
vulnerable | 2026-06-03 14:52:42.133737 |
Incorrect Authorization in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation.
Published: 2023-09-29T06:02:31.303Z
Updated: 2026-04-25T04:05:14.315Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3917 |
vulnerable | 2026-06-03 14:52:42.133192 |
Improper Validation of Specified Type of Input in GitLab
MEDIUM (4.3)
Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.
Published: 2023-09-29T06:02:26.304Z
Updated: 2026-04-29T04:04:53.712Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3906 |
vulnerable | 2026-06-03 14:52:42.130498 |
Improper Validation of Specified Type of Input in GitLab
LOW (3.5)
An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.
Published: 2023-09-29T06:02:16.308Z
Updated: 2025-11-20T04:08:18.260Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3413 |
vulnerable | 2026-06-03 14:52:40.751687 |
Insertion of Sensitive Information Into Sent Data in GitLab
MEDIUM (6.5)
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members.
Published: 2023-09-29T08:30:56.742Z
Updated: 2025-11-20T04:07:38.285Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3115 |
vulnerable | 2026-06-03 14:52:39.957061 |
Incorrect User Management in GitLab
MEDIUM (5.4)
An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.
Published: 2023-09-29T06:02:51.300Z
Updated: 2025-11-20T04:06:58.296Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2233 |
vulnerable | 2026-06-03 14:51:42.427510 |
Missing Authorization in GitLab
LOW (3.1)
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects.
Published: 2023-09-29T06:30:51.179Z
Updated: 2025-11-20T04:06:48.254Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0989 |
vulnerable | 2026-06-03 14:48:53.463266 |
Improper Ownership Management in GitLab
MEDIUM (4.3)
An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration.
Published: 2023-09-29T06:30:56.081Z
Updated: 2025-11-20T04:06:08.264Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.