
cpe:2.3:a:gitlab:gitlab:16.5.0:*:*:*:enterprise:*:*:*

part: a version: 16.5.0 update: *

Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: enterprise
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:gitlab/gitlab-org/gitlab | purl2cpe | 2026-06-01 10:14:46.305814

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2023-5963 vulnerable 2026-06-03 14:53:50.032726 Allocation of Resources Without Limits or Throttling in GitLab
LOW (3.1)
An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.
Published: 2023-11-06T12:18:56.276Z
Updated: 2026-06-04T04:09:15.482Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5831 vulnerable 2026-06-03 14:53:49.749897 Insertion of Sensitive Information Into Sent Data in GitLab
LOW (3.7)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.
Published: 2023-11-06T10:30:28.442Z
Updated: 2026-06-02T04:13:27.636Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5825 vulnerable 2026-06-03 14:53:49.732784 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
MEDIUM (6.5)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service.
Published: 2023-11-06T10:30:38.334Z
Updated: 2026-04-29T04:05:16.721Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5600 vulnerable 2026-06-03 14:53:49.071205 Missing Authorization in GitLab
LOW (3.1)
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of private specific references could be leaked through the service-desk custom email template.
Published: 2025-06-20T19:31:08.397Z
Updated: 2025-06-20T19:52:09.173Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4700 vulnerable 2026-06-03 14:53:29.504053 Missing Authorization in GitLab
LOW (3.5)
An authorization issue in GitLab EE, affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.
Published: 2023-11-06T17:30:35.198Z
Updated: 2025-11-20T04:09:53.262Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3909 vulnerable 2026-06-03 14:52:42.131398 Inefficient Regular Expression Complexity in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in the timeout input in the gitlab-ci.yml file.
Published: 2023-11-06T12:08:45.129Z
Updated: 2025-11-20T04:08:28.265Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3246 vulnerable 2026-06-03 14:52:40.260179 Allocation of Resources Without Limits or Throttling in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab EE/CE affecting all versions before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1, which allows an attacker to block the Sidekiq job processor.
Published: 2023-11-06T12:01:43.918Z
Updated: 2025-11-20T04:07:13.254Z
Imported from gcve-enriched-dumps CVE data
