GCVE - cpe:2.3:a:gitlab:gitlab:17.5.0:*:*:*:enterprise:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:17.5.0:*:*:*:enterprise:*:*:*

part: a version: 17.5.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	enterprise
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.352252

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-8312`	vulnerable	2026-06-03 14:58:18.114855	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab HIGH (8.7) An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS. Published: 2024-10-24T09:30:43.270Z Updated: 2024-10-24T12:57:20.551Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/481819 https://hackerone.com/reports/2659386	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6826`	vulnerable	2026-06-03 14:58:04.246499	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file. Published: 2024-10-24T09:30:58.183Z Updated: 2024-10-24T12:56:42.887Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/472928 https://hackerone.com/reports/2571364	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10383`	vulnerable	2026-06-03 14:54:05.469780	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork HIGH (8.7) An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE Published: 2025-02-07T14:12:41.757Z Updated: 2025-02-12T15:17:24.562Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/500785 https://hackerone.com/reports/2765778	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.