GCVE - cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*

part: a version: 16.7.1 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	enterprise
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.305872

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-6955`	vulnerable	2026-06-03 14:53:59.434338	Missing Authorization in GitLab MEDIUM (6.6) A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. Published: 2024-01-12T13:56:31.881Z Updated: 2026-05-25T23:00:20.223Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/432188	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5356`	vulnerable	2026-06-03 14:53:48.396472	Incorrect Authorization in GitLab HIGH (7.3) Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user. Published: 2024-01-12T13:56:51.714Z Updated: 2026-04-28T04:05:15.311Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/427154 https://hackerone.com/reports/2188868	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-4812`	vulnerable	2026-06-03 14:53:29.724138	Incorrect Authorization in GitLab HIGH (7.6) An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request. Published: 2024-01-12T13:56:56.701Z Updated: 2026-05-01T04:05:16.393Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/424398 https://hackerone.com/reports/2115574	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2030`	vulnerable	2026-06-03 14:51:42.031576	Improper Verification of Cryptographic Signature in GitLab LOW (3.5) An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits. Published: 2024-01-12T13:57:06.694Z Updated: 2025-11-20T04:06:38.255Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/407252 https://hackerone.com/reports/1929929	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.