Data Management and Analytics

In Grafana versions 11.1.0, 11.1.2 a medium severity vulnerability CVE-2024-27186 was detected. This vulnerability allows attackers to bypass access control for plugin data sources protected by the ReqActions json field in the plugin.json file. To fix the issue, users must upgrade Grafana to versions 11.1.1 or 11.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6322.

In Apache Airflow versions 1.10.11 and later a critical severity vulnerability CVE-2020-13927 was detected. This vulnerability allowed API requests to be made without authentication, posing significant security risks. To fix this issue, existing users need to update their configuration to [api]auth_backend = airflow.api.auth.backend.deny_all. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-13927.

In MongoDB Enterprise Server versions 6.0 to 6.0.16, 7.0 to 7.0.11, and 7.3 to 7.3.3 a medium severity vulnerability CVE-2024-6384 was detected. This vulnerability allows unauthorized access to potentially sensitive data stored in those backups.To fix this issue, users must upgrade to version 8.14.2 or 7.17.23 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6384.

In Kibana versions 7.x prior to 7.17.23, 8.x prior to 8.14.2 a high severity vulnerability CVE-2024-37287 was detected. This vulnerability allows attackers to run any code they want in Kibana if they can access certain features and modify specific data. To fix this problem, users should upgrade Kibana to versions 7.17.23 and 8.14.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-37287.

In MongoDB Server versions 5.0 to 5.0.27, 6.0 to 6.0.16, 7.0 to 7.0.12, 7.3 to 7.3.3, MongoDB C Driver versions to 1.26.2, and MongoDB PHP Driver versions to 1.18.1 a high severity vulnerability CVE-2024-7553 was detected. This vulnerability allows local privilege escalation on Windows by improperly validating files from untrusted directories. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7553.

In MySQL version 8.4.0 and prior a medium severity vulnerability CVE-2024-21170 was detected. This vulnerability allows attackers to gain unauthorized access to and modify data in MySQL Connectors, potentially causing disruptions and partial service outages. To fix this problem, users should upgrade MySQL to version 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21170.

In MySQL versions 8.0.37 and earlier, 8.4.0 and earlier a medium severity vulnerability CVE-2024-21177 was detected. This vulnerability allows attackers to repeatedly crash MySQL Server, resulting in a total service outage. To fix this problem, users should upgrade MySQL to versions 8.0.38 and later, 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21177.

In Elasticsearch versions 7.0.0 to 7.17.18 and 8.0.0 to 8.12.0 a medium severity vulnerability CVE-2024-23444 was detected. This vulnerability allows attackers to potentially access the unprotected private key stored on the computer, posing a security risk. To fix this problem, users should upgrade Elasticsearch to versions 7.17.19 and 8.13.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23444.

In Kibana versions before 8.11.2 a medium severity vulnerability CVE-2024-37281 was detected. This vulnerability allows attackers to crash a Kibana instance by sending too many harmful requests. To fix this problem, users should upgrade Kibana to version 8.11.2 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37281.