cpe:2.3:a:gitlab:gitlab:4.3.0:*:*:*:enterprise:*:*:*

part: a version: 4.3.0 update: *

Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: enterprise
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL: pkg:gitlab/gitlab-org/gitlab
Source: purl2cpe
Last updated: 2026-06-01 10:14:46.446795

Vulnerability references

Identifier, cpeApplicability, Submitted, db.gcve.eu details, Rationale
CVE:CVE-2021-39882 vulnerable 2026-06-03 14:45:09.818936 Details available
MEDIUM (5.3)
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
Published: 2021-10-05T12:22:05.000Z
Updated: 2024-08-04T02:20:33.633Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-39875 vulnerable 2026-06-03 14:45:09.815996 Details available
MEDIUM (5.3)
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
Published: 2021-10-05T12:28:28.000Z
Updated: 2024-08-04T02:20:33.568Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-39873 vulnerable 2026-06-03 14:45:09.815176 Details available
MEDIUM (4.3)
In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.
Published: 2021-10-04T16:43:24.000Z
Updated: 2024-08-04T02:20:33.651Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-39872 vulnerable 2026-06-03 14:45:09.814751 Details available
MEDIUM (6.5)
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.
Published: 2021-10-05T12:34:28.000Z
Updated: 2024-08-04T02:20:33.624Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-39871 vulnerable 2026-06-03 14:45:09.814322 Details available
MEDIUM (4.3)
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
Published: 2021-10-04T16:48:11.000Z
Updated: 2024-08-04T02:20:33.665Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-39869 vulnerable 2026-06-03 14:45:09.813512 Details available
MEDIUM (6.5)
In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.
Published: 2021-10-05T12:30:52.000Z
Updated: 2024-08-04T02:20:33.663Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-39868 vulnerable 2026-06-03 14:45:09.813067 Details available
MEDIUM (4.3)
In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
Published: 2021-10-04T16:55:29.000Z
Updated: 2024-08-04T02:20:33.614Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-39867 vulnerable 2026-06-03 14:45:09.812614 Details available
MEDIUM (6.5)
In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks.
Published: 2021-10-05T12:29:39.000Z
Updated: 2024-08-04T02:20:33.672Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-39866 vulnerable 2026-06-03 14:45:09.812074 Details available
MEDIUM (5.4)
A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.
Published: 2021-10-05T12:35:39.000Z
Updated: 2024-08-04T02:20:33.617Z
Reference links
Imported from gcve-enriched-dumps CVE data