GCVE - cpe:2.3:a:gitlab:gitlab:16.5.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:16.5.0:*:*:*:community:*:*:*

part: a version: 16.5.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.305812

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-5831`	vulnerable	2026-06-03 14:53:49.749879	Insertion of Sensitive Information Into Sent Data in GitLab LOW (3.7) An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. Published: 2023-11-06T10:30:28.442Z Updated: 2026-06-02T04:13:27.636Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/428919	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5825`	vulnerable	2026-06-03 14:53:49.732730	Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab MEDIUM (6.5) An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service. Published: 2023-11-06T10:30:38.334Z Updated: 2026-04-29T04:05:16.721Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/428984 https://hackerone.com/reports/2218566	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3909`	vulnerable	2026-06-03 14:52:42.131380	Inefficient Regular Expression Complexity in GitLab MEDIUM (4.3) An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file. Published: 2023-11-06T12:08:45.129Z Updated: 2025-11-20T04:08:28.265Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/418763 https://hackerone.com/reports/2050269	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3246`	vulnerable	2026-06-03 14:52:40.259591	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (4.3) An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor. Published: 2023-11-06T12:01:43.918Z Updated: 2025-11-20T04:07:13.254Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/415371 https://hackerone.com/reports/2014157	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.