
cpe:2.3:a:gitlab:gitlab:17.9.0:*:*:*:enterprise:*:*:*

part: a version: 17.9.0 update: *

Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: enterprise
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL: pkg:gitlab/gitlab-org/gitlab
Source: purl2cpe
Last updated: 2026-06-01 10:14:46.352329

Vulnerability references

Identifier: CVE:CVE-2025-2045
cpeApplicability: vulnerable
Submitted: 2026-06-03 15:00:15.710681
db.gcve.eu details: Incorrect Authorization in GitLab
Severity: MEDIUM (4.3)
Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allows users with limited permissions to access potentially sensitive project analytics data.
Published: 2025-03-06T13:04:16.661Z
Updated: 2025-03-06T16:07:19.120Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2025-0555
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:58:32.415956
db.gcve.eu details: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Severity: HIGH (7.7)
A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions.
Published: 2025-03-03T16:02:28.441Z
Updated: 2025-03-04T16:50:43.845Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2025-0475
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:58:32.286190
db.gcve.eu details: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Severity: HIGH (8.7)
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances.
Published: 2025-03-03T10:30:47.570Z
Updated: 2025-03-03T12:07:55.921Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2024-8186
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:58:17.369681
db.gcve.eu details: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Severity: MEDIUM (5.4)
An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HTML into the child item search potentially leading to XSS in certain situations.
Published: 2025-03-03T10:02:44.912Z
Updated: 2025-03-03T12:32:03.051Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2024-10925
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:54:12.976398
db.gcve.eu details: Authorization Bypass Through User-Controlled Key in GitLab
Severity: MEDIUM (5.3)
A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML
Published: 2025-03-03T11:02:24.017Z
Updated: 2025-08-26T19:58:07.582Z
Rationale: Imported from gcve-enriched-dumps CVE data
