cpe:2.3:a:gitlab:gitlab:17.0.0:*:*:*:community:*:*:*

Part: a
Version: 17.0.0
Update: *
Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: community
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL: pkg:gitlab/gitlab-org/gitlab
Source: purl2cpe
Last updated: 2026-06-01 10:14:46.352072

Vulnerability references

Identifier: CVE-2024-5318
CPE applicability: vulnerable
Submitted: 2026-06-03 14:57:52.372551
db.gcve.eu details: Missing Authorization in GitLab
Severity: MEDIUM (4)
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.
Published: 2024-05-24T12:44:25.720Z
Updated: 2024-10-03T06:23:19.497Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2024-5258
CPE applicability: vulnerable
Submitted: 2026-06-03 14:57:52.219595
db.gcve.eu details: Authorization Bypass Through User-Controlled Key in GitLab
Severity: MEDIUM (4.4)
Description: An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.
Published: 2024-05-23T11:02:06.904Z
Updated: 2024-08-29T15:04:59.201Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2024-4835
CPE applicability: vulnerable
Submitted: 2026-06-03 14:57:16.288529
db.gcve.eu details: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Severity: HIGH (8)
Description: An XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.
Published: 2024-05-23T06:30:50.384Z
Updated: 2024-09-17T15:33:50.607Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2024-2874
CPE applicability: vulnerable
Submitted: 2026-06-03 14:55:36.417936
db.gcve.eu details: Allocation of Resources Without Limits or Throttling in GitLab
Severity: MEDIUM (6.5)
Description: An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.
Published: 2024-05-23T07:02:35.610Z
Updated: 2024-10-03T06:23:19.176Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2024-1947
CPE applicability: vulnerable
Submitted: 2026-06-03 14:54:35.061804
db.gcve.eu details: Improper Handling of Highly Compressed Data (Data Amplification) in GitLab
Severity: MEDIUM (4.3)
Description: A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.
Published: 2024-05-23T11:02:21.780Z
Updated: 2024-10-03T06:23:18.622Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2023-7045
CPE applicability: vulnerable
Submitted: 2026-06-03 14:53:59.815711
db.gcve.eu details: Cross-Site Request Forgery (CSRF) in GitLab
Severity: MEDIUM (5.4)
Description: A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, and from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).
Published: 2024-05-23T11:02:26.796Z
Updated: 2024-09-18T13:11:01.842Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2023-6502
CPE applicability: vulnerable
Submitted: 2026-06-03 14:53:52.006897
db.gcve.eu details: Inefficient Regular Expression Complexity in GitLab
Severity: MEDIUM (4.3)
Description: A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page.
Published: 2024-05-23T11:02:31.779Z
Updated: 2024-10-03T06:23:16.789Z
Rationale: Imported from gcve-enriched-dumps CVE data