
cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:community:*:*:*

part: a version: 17.6.0 update: *

Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: community
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:gitlab/gitlab-org/gitlab | purl2cpe | 2026-06-01 10:14:46.352267

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-8237 vulnerable 2026-06-03 14:58:17.552697 Inefficient Algorithmic Complexity in GitLab
MEDIUM (6.5)
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.
Published: 2024-11-26T18:31:00.676Z
Updated: 2024-11-26T18:42:11.715Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8177 vulnerable 2026-06-03 14:58:17.335509 Inefficient Algorithmic Complexity in GitLab
MEDIUM (5.3)
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.
Published: 2024-11-26T18:31:05.665Z
Updated: 2024-11-26T18:41:50.602Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8114 vulnerable 2026-06-03 14:58:16.987783 Missing Authorization in GitLab
HIGH (8.2)
An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.
Published: 2024-11-26T18:31:10.674Z
Updated: 2024-11-30T04:55:53.512Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-11828 vulnerable 2026-06-03 14:54:14.930169 Inefficient Algorithmic Complexity in GitLab
MEDIUM (4.3)
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch.
Published: 2024-11-26T18:41:19.280Z
Updated: 2024-11-26T19:53:40.674Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-11669 vulnerable 2026-06-03 14:54:14.643866 Incorrect Authorization in GitLab
MEDIUM (6.5)
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.
Published: 2024-11-26T18:41:09.488Z
Updated: 2024-11-30T04:55:54.926Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-11668 vulnerable 2026-06-03 14:54:14.642419 Insufficient Session Expiration in GitLab
MEDIUM (4.2)
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.
Published: 2024-11-26T18:30:45.846Z
Updated: 2024-11-26T18:42:38.028Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10383 vulnerable 2026-06-03 14:54:05.470276 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork
HIGH (8.7)
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where an XSS attack was possible when loading .ipynb files in the web IDE.
Published: 2025-02-07T14:12:41.757Z
Updated: 2025-02-12T15:17:24.562Z
Imported from gcve-enriched-dumps CVE data
