In Undici, an HTTP/1.1 client for Node.js, a low-severity vulnerability, CVE-2024-30261, was detected. This vulnerability allows attackers to change a setting to make their fake requests look real, allowing them to sneak in harmful alterations undetected. However, there is no confidentiality or availability impact. The issue is fixed in versions 5.28.4 and 6.11.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-30261/.
In GitLab Enterprise Edition versions before 16.8.6, as well as versions starting from 16.9 before 16.9.4, and from 16.10 before 16.10.2, a medium-severity vulnerability, CVE-2023-6678, was detected. It allows attackers to crash a system by placing malicious content in a JUnit test report file. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-6678/.
In GitLab CE/EE, all versions starting from 16.7 to 16.8.6, from 16.9 before 16.9.4, and from 16.10 before 16.10.2, a high-severity vulnerability, CVE-2024-2279, was detected. Due to this vulnerability, attackers could trick the system into executing harmful actions on behalf of other users without their knowledge through a method called stored XSS (cross-site scripting). For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2279/.
In Vault and Vault Enterprise versions 1.14.0 and newer, a medium-severity vulnerability, CVE-2024-2660, was detected. This vulnerability affects how Vault checks for certificate status, potentially letting someone with network access use a fake certificate to get unauthorized access. The issue is resolved in Vault version 1.16.0 and Vault Enterprise versions 1.16.1, 1.15.7, and 1.14.11. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2660/.
In Ansible versions v3.0.0-v3.10.6, a critical security vulnerability, CVE-2024-29202, was detected. This vulnerability allows attackers to steal sensitive data. To address this issue, users are advised to upgrade to v3.10.7. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29202.
In Dolibarr, a critical security vulnerability, CVE-2024-29477, was detected. This vulnerability allows attackers to access your network and execute malicious code during installation. The issue is resolved in Dolibarr version 19.0.1 or newer. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29477.