GitLab 16.8.0 Enterprise Edition
cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:enterprise:*:*:*
part: a version: 16.8.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | enterprise |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:gitlab/gitlab-org/gitlab | purl2cpe | 2026-06-01 10:14:46.305897 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-0456 | vulnerable | 2026-06-03 14:54:02.796157 | Direct Request ('Forced Browsing') in GitLab. Severity: MEDIUM (4.3). An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project. Published: 2024-01-26T01:02:43.953Z. Updated: 2026-06-05T22:59:50.196Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-0402 | vulnerable | 2026-06-03 14:54:02.350377 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab. Severity: CRITICAL (9.9). An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. Published: 2024-01-26T01:02:39.052Z. Updated: 2026-06-03T04:08:40.742Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-6159 | vulnerable | 2026-06-03 14:53:51.032604 | Inefficient Regular Expression Complexity in GitLab. Severity: MEDIUM (6.5). An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input. Published: 2024-01-26T02:02:29.909Z. Updated: 2026-05-06T04:06:19.058Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-5933 | vulnerable | 2026-06-03 14:53:49.955804 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab. Severity: MEDIUM (6.4). An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests. Published: 2024-01-26T01:02:58.931Z. Updated: 2026-04-25T04:05:38.198Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-5612 | vulnerable | 2026-06-03 14:53:49.089543 | Missing Authorization in GitLab. Severity: MEDIUM (5.3). An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. Published: 2024-01-26T02:02:39.783Z. Updated: 2025-11-20T04:10:48.267Z | Imported from gcve-enriched-dumps CVE data |