GitLab 16.7.0 Enterprise Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*
part: a version: 16.7.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | enterprise |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.305867 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-2279 |
vulnerable | 2026-06-03 14:55:28.865417 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
HIGH (8.7)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
Published: 2024-04-12T00:53:21.240Z
Updated: 2026-05-02T04:05:37.944Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-6955 |
vulnerable | 2026-06-03 14:53:59.433350 |
Missing Authorization in GitLab
MEDIUM (6.6)
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
Published: 2024-01-12T13:56:31.881Z
Updated: 2026-05-25T23:00:20.223Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5356 |
vulnerable | 2026-06-03 14:53:48.395489 |
Incorrect Authorization in GitLab
HIGH (7.3)
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.
Published: 2024-01-12T13:56:51.714Z
Updated: 2026-04-28T04:05:15.311Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4812 |
vulnerable | 2026-06-03 14:53:29.723480 |
Incorrect Authorization in GitLab
HIGH (7.6)
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request.
Published: 2024-01-12T13:56:56.701Z
Updated: 2026-05-01T04:05:16.393Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2030 |
vulnerable | 2026-06-03 14:51:42.030527 |
Improper Verification of Cryptographic Signature in GitLab
LOW (3.5)
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
Published: 2024-01-12T13:57:06.694Z
Updated: 2025-11-20T04:06:38.255Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.