Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:*:*:*:*
part: a version: 16.9.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.352038 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-2279 |
vulnerable | 2026-06-03 14:55:28.865963 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
HIGH (8.7)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
Published: 2024-04-12T00:53:21.240Z
Updated: 2026-05-02T04:05:37.944Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1525 |
vulnerable | 2026-06-03 14:54:27.206182 |
Authentication Bypass Using an Alternate Path or Channel in GitLab
MEDIUM (5.3)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.
Published: 2024-02-21T23:30:44.816Z
Updated: 2026-06-02T04:14:44.730Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1451 |
vulnerable | 2026-06-03 14:54:26.951440 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
HIGH (8.7)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims."
Published: 2024-02-21T23:30:49.790Z
Updated: 2026-05-23T04:05:17.051Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0410 |
vulnerable | 2026-06-03 14:54:02.620760 |
Improper Enforcement of Behavioral Workflow in GitLab
HIGH (7.7)
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
Published: 2024-02-21T23:30:59.792Z
Updated: 2025-11-20T04:11:49.579Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3509 |
vulnerable | 2026-06-03 14:52:41.036692 |
Incorrect Authorization in GitLab
LOW (3.7)
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated with projects in the group.
Published: 2024-02-21T22:57:15.488Z
Updated: 2025-11-20T04:07:58.271Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.