GitLab 17.10.0 Community Edition
cpe:2.3:a:gitlab:gitlab:17.10.0:*:*:*:community:*:*:*
part: a version: 17.10.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:gitlab/gitlab-org/gitlab | purl2cpe | 2026-06-01 10:14:46.352097 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-2867 | vulnerable | 2026-06-03 15:00:26.723210 | Improper Control of Generation of Code ('Code Injection') in GitLab. MEDIUM (4.4). An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users. Published: 2025-03-27T14:02:18.359Z; Updated: 2025-03-27T14:18:32.168Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-2255 | vulnerable | 2026-06-03 15:00:25.043465 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab. HIGH (8.7). An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec. Published: 2025-03-27T12:30:47.592Z; Updated: 2025-03-27T13:13:21.218Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-2242 | vulnerable | 2026-06-03 15:00:25.006972 | Incorrect Authorization in GitLab. HIGH (7.5). An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects. Published: 2025-03-27T12:30:57.479Z; Updated: 2025-03-27T13:11:00.331Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-0811 | vulnerable | 2026-06-03 14:58:32.983552 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab. HIGH (8.7). An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting. Published: 2025-03-27T12:31:07.487Z; Updated: 2025-03-27T13:08:11.807Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-12619 | vulnerable | 2026-06-03 14:54:22.775788 | Insufficient Granularity of Access Control in GitLab. MEDIUM (5.2). An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects. Published: 2025-03-28T10:02:13.406Z; Updated: 2025-03-28T13:46:51.887Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-10307 | vulnerable | 2026-06-03 14:54:05.316360 | Allocation of Resources Without Limits or Throttling in GitLab. MEDIUM (4.3). An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request. Published: 2025-03-28T10:02:23.294Z; Updated: 2025-03-28T13:42:16.490Z | Imported from gcve-enriched-dumps CVE data |