GitLab 16.6.0 Enterprise Edition
cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*
part: a version: 16.6.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | enterprise |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:gitlab/gitlab-org/gitlab | purl2cpe | 2026-06-01 10:14:46.305840 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2023-5995 | vulnerable | 2026-06-03 14:53:50.139567 | Incorrect Authorization in GitLab<br>MEDIUM (4.4)<br>An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects.<br>Published: 2023-12-01T07:01:28.253Z<br>Updated: 2025-11-20T04:11:03.258Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-5226 | vulnerable | 2026-06-03 14:53:48.018758 | Improper Control of Generation of Code ('Code Injection') in GitLab<br>MEDIUM (4.8)<br>An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor can bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI.<br>Published: 2023-12-01T07:01:43.131Z<br>Updated: 2026-04-23T04:05:16.458Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-4912 | vulnerable | 2026-06-03 14:53:29.965469 | Allocation of Resources Without Limits or Throttling in GitLab<br>LOW (2.6)<br>An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using maliciously crafted mermaid diagram input.<br>Published: 2023-12-01T07:01:48.155Z<br>Updated: 2026-04-30T04:06:57.160Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-4658 | vulnerable | 2026-06-03 14:53:29.243302 | Incorrect Authorization in GitLab<br>LOW (3.1)<br>An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group.<br>Published: 2023-12-01T07:01:58.125Z<br>Updated: 2026-04-26T04:06:59.596Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-4317 | vulnerable | 2026-06-03 14:53:27.824494 | Incorrect Authorization in GitLab<br>MEDIUM (4.3)<br>An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch.<br>Published: 2023-12-01T07:02:03.130Z<br>Updated: 2025-11-20T04:09:33.265Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-3964 | vulnerable | 2026-06-03 14:52:42.231022 | Incorrect Authorization in GitLab<br>MEDIUM (4.3)<br>An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.<br>Published: 2023-12-01T07:02:18.158Z<br>Updated: 2026-05-06T04:05:57.591Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-3949 | vulnerable | 2026-06-03 14:52:42.203478 | Insertion of Sensitive Information Into Sent Data in GitLab<br>MEDIUM (5.3)<br>An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public project's release descriptions via an atom endpoint when release access on the public was set to only project members.<br>Published: 2023-12-01T07:02:13.130Z<br>Updated: 2025-11-20T04:09:03.271Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-3443 | vulnerable | 2026-06-03 14:52:40.871745 | Incorrect Authorization in GitLab<br>LOW (3.1)<br>An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items.<br>Published: 2023-12-01T07:02:33.126Z<br>Updated: 2025-11-20T04:07:43.258Z | Imported from gcve-enriched-dumps CVE data |