
cpe:2.3:a:gitlab:gitlab:17.4.0:*:*:*:enterprise:*:*:*

part: a version: 17.4.0 update: *

Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: enterprise
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:gitlab/gitlab-org/gitlab | purl2cpe | 2026-06-01 10:14:46.352233

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-8974 vulnerable 2026-06-03 14:58:20.139213 Incorrect Provision of Specified Functionality in GitLab
LOW (2.6)
Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1. In specific conditions it was possible to disclose to an unauthorised user the path of a private project.
Published: 2024-09-26T23:02:00.153Z
Updated: 2024-09-27T15:46:48.041Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-4278 vulnerable 2026-06-03 14:57:15.117889 Incorrect Synchronization in GitLab
MEDIUM (5.5)
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
Published: 2024-09-26T06:30:59.796Z
Updated: 2024-09-26T17:26:34.539Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-4099 vulnerable 2026-06-03 14:57:14.727016 Improper Encoding or Escaping of Output in GitLab
LOW (3.1)
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection.
Published: 2024-09-26T23:02:15.810Z
Updated: 2024-09-27T15:48:49.456Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10383 vulnerable 2026-06-03 14:54:05.468745 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork
HIGH (8.7)
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where an XSS attack was possible when loading .ipynb files in the web IDE.
Published: 2025-02-07T14:12:41.757Z
Updated: 2025-02-12T15:17:24.562Z
Imported from gcve-enriched-dumps CVE data
