
cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:enterprise:*:*:*

part: a version: 16.9.0 update: *

Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: enterprise
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL: pkg:gitlab/gitlab-org/gitlab
Source: purl2cpe
Last updated: 2026-06-01 10:14:46.352041

Vulnerability references

Identifier: CVE:CVE-2024-0861
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:54:04.356375
db.gcve.eu details: Direct Request ('Forced Browsing') in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.
Published: 2024-02-21T23:30:39.942Z
Updated: 2026-05-01T04:05:36.289Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2023-6736
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:53:58.827736
db.gcve.eu details: Inefficient Regular Expression Complexity in GitLab
MEDIUM (6.5)
An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using maliciously crafted content in the CODEOWNERS file.
Published: 2024-02-07T22:02:30.947Z
Updated: 2026-04-24T04:07:14.453Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2023-6477
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:53:51.955779
db.gcve.eu details: Incorrect Privilege Assignment in GitLab
MEDIUM (6.7)
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.
Published: 2024-02-21T23:31:09.811Z
Updated: 2026-05-15T04:05:17.852Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2023-4895
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:53:29.904366
db.gcve.eu details: Missing Authorization in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects.
Published: 2024-02-22T00:02:43.649Z
Updated: 2025-11-20T04:10:03.293Z
Rationale: Imported from gcve-enriched-dumps CVE data
