GCVE - cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*

part: a version: 16.7.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.305866

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-2279`	vulnerable	2026-06-03 14:55:28.864558	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab HIGH (8.7) An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. Published: 2024-04-12T00:53:21.240Z Updated: 2026-05-02T04:05:37.944Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/448469 https://hackerone.com/reports/2404710	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-6955`	vulnerable	2026-06-03 14:53:59.432734	Missing Authorization in GitLab MEDIUM (6.6) A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. Published: 2024-01-12T13:56:31.881Z Updated: 2026-05-25T23:00:20.223Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/432188	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5356`	vulnerable	2026-06-03 14:53:48.394904	Incorrect Authorization in GitLab HIGH (7.3) Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user. Published: 2024-01-12T13:56:51.714Z Updated: 2026-04-28T04:05:15.311Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/427154 https://hackerone.com/reports/2188868	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2030`	vulnerable	2026-06-03 14:51:42.029893	Improper Verification of Cryptographic Signature in GitLab LOW (3.5) An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits. Published: 2024-01-12T13:57:06.694Z Updated: 2025-11-20T04:06:38.255Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/407252 https://hackerone.com/reports/1929929	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.