cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:community:*:*:*

Part: a
Version: 17.1.0
Update: *
Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: community
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL: pkg:gitlab/gitlab-org/gitlab
Source: purl2cpe
Last updated: 2026-06-01 10:14:46.352121

Vulnerability references

Columns: Identifier · CPE applicability · Submitted · db.gcve.eu details · Rationale

CVE-2024-5655 · vulnerable · submitted 2026-06-03 14:57:53.659099
Improper Access Control in GitLab
Severity: CRITICAL (9.6)
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.
Published: 2024-06-26T23:30:55.421Z
Updated: 2024-09-17T15:33:21.131Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-5430 · vulnerable · submitted 2026-06-03 14:57:52.769557
Improper Access Control in GitLab
Severity: MEDIUM (6.8)
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL.
Published: 2024-06-26T23:30:50.436Z
Updated: 2024-08-29T15:04:59.442Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-4994 · vulnerable · submitted 2026-06-03 14:57:16.674069
Cross-Site Request Forgery (CSRF) in GitLab
Severity: HIGH (8.1)
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, and all versions starting from 17.1.0 before 17.1.1, which allowed a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations.
Published: 2025-06-20T18:14:37.887Z
Updated: 2025-06-23T15:22:37.297Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-4901 · vulnerable · submitted 2026-06-03 14:57:16.455288
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Severity: HIGH (8.7)
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes.
Published: 2024-06-26T23:31:05.422Z
Updated: 2024-09-17T17:02:23.803Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-4557 · vulnerable · submitted 2026-06-03 14:57:15.755691
Uncontrolled Resource Consumption in GitLab
Severity: MEDIUM (6.5)
Multiple Denial of Service (DoS) conditions have been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allowed an attacker to cause resource exhaustion via the banzai pipeline.
Published: 2024-06-26T23:31:10.425Z
Updated: 2024-08-29T15:04:58.095Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-4025 · vulnerable · submitted 2026-06-03 14:57:14.562157
Inefficient Regular Expression Complexity in GitLab
Severity: MEDIUM (6.5)
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior to 16.11.5, from 17.0 prior to 17.0.3, and from 17.1 prior to 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page.
Published: 2025-06-20T18:14:33.011Z
Updated: 2025-06-23T15:22:59.976Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-4011 · vulnerable · submitted 2026-06-03 14:57:14.533281
Improper Access Control in GitLab
Severity: LOW (3.1)
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a non-project member to promote key results to objectives.
Published: 2024-06-26T23:31:20.436Z
Updated: 2025-01-09T21:38:32.388Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-3959 · vulnerable · submitted 2026-06-03 14:56:32.526886
Improper Authorization in GitLab
Severity: MEDIUM (6.5)
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts to be accessed by any user.
Published: 2024-06-26T23:31:25.425Z
Updated: 2024-08-29T15:04:57.412Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-3115 · vulnerable · submitted 2026-06-03 14:56:23.512759
Exposure of Sensitive Information to an Unauthorized Actor in GitLab
Severity: MEDIUM (4.3)
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat.
Published: 2024-06-26T23:31:35.425Z
Updated: 2024-08-30T13:24:42.967Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-2191 · vulnerable · submitted 2026-06-03 14:55:28.634459
Improper Access Control in GitLab
Severity: MEDIUM (5.3)
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a merge request title to be publicly visible despite being set to project members only.
Published: 2024-06-26T23:31:45.431Z
Updated: 2024-09-17T16:01:03.749Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-2177 · vulnerable · submitted 2026-06-03 14:55:28.548609
Improper Restriction of Rendered UI Layers or Frames in GitLab
Severity: MEDIUM (6.8)
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows an attacker to abuse the OAuth authentication flow via a crafted payload.
Published: 2024-07-09T13:30:57.825Z
Updated: 2024-09-17T16:00:34.552Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-1816 · vulnerable · submitted 2026-06-03 14:54:34.719560
Uncontrolled Resource Consumption in GitLab
Severity: MEDIUM (5.3)
An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to cause a denial of service using a crafted OpenAPI file.
Published: 2024-06-26T23:31:50.436Z
Updated: 2024-08-29T15:04:55.560Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE-2024-1493 · vulnerable · submitted 2026-06-03 14:54:27.127188
Uncontrolled Resource Consumption in GitLab
Severity: MEDIUM (6.5)
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where the processing logic for generating links in dependency files can lead to a regular expression DoS attack on the server.
Published: 2024-06-26T23:31:55.434Z
Updated: 2024-08-30T13:24:42.450Z
Rationale: Imported from gcve-enriched-dumps CVE data
