GCVE - cpe:2.3:a:gitlab:gitlab:17.11.0:*:*:*:enterprise:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:17.11.0:*:*:*:enterprise:*:*:*

part: a version: 17.11.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	enterprise
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.352125

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2443`	vulnerable	2026-06-03 15:00:25.509791	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab HIGH (8.7) An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Published: 2025-06-20T17:12:54.738Z Updated: 2025-06-20T17:27:26.650Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/525363 https://hackerone.com/reports/3037340	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1908`	vulnerable	2026-06-03 14:59:06.798998	Business Logic Errors in GitLab HIGH (7.7) An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Published: 2025-04-24T07:30:51.255Z Updated: 2025-04-24T15:23:23.164Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/523065 https://hackerone.com/reports/3016623	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1763`	vulnerable	2026-06-03 14:59:06.449224	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab HIGH (8.7) An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Published: 2025-05-30T11:02:36.384Z Updated: 2025-05-30T12:50:13.554Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/521718 https://hackerone.com/reports/3016600	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0639`	vulnerable	2026-06-03 14:58:32.537882	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Published: 2025-04-24T07:31:06.117Z Updated: 2025-04-24T15:23:17.586Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/514507 https://hackerone.com/reports/2946553	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12244`	vulnerable	2026-06-03 14:54:15.907996	Missing Authorization in GitLab MEDIUM (4.3) An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1. Published: 2025-04-24T07:31:11.125Z Updated: 2025-04-24T15:23:11.499Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/508046 https://hackerone.com/reports/2862754	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.