In Airbyte versions till 0.62.2 a high severity vulnerability CVE-2024-38363 was detected. This vulnerability allows attackers to execute arbitrary code on the server as the web server user. To address this issue, users must update to version 0.62.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38363/.
Read more Data Analytics
In the OpenSearch observability plugins a medium severity vulnerability CVE-2024-39901 was detected. This vulnerability lets unauthorized users access private tenant resources, like notebooks. The system didn’t check if the user was the resource author, potentially exposing sensitive data. This issue has been fixed in OpenSearch version 2.14. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39901.
Read more Data Analytics
In MongoDB version 7.0.3 a medium severity vulnerability CVE-2024-6375 was detected. This vulnerability allows attackers to affect database performance. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6375/.
Read more Database
In pgAdmin version 8.8 and earlier a high severity vulnerability CVE-2024-6238 was detected. The vulnerability involves installation directory permissions on Debian and RHEL 8 platforms, allowing attackers to gain unauthorized access. Apply vendor security patches or updates to version 8.9 to fix this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6238.
Read more Database
In Airflow version 2.9.1 a low severity vulnerability CVE-2024-25142 was detected. This vulnerability allows attackers to get access to sensitive data. To address this issue, users must update version 2.9.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-25142/.
Read more Data Analytics
In Elasticsearch version 8.14.0 a medium severity vulnerability CVE-2024-23445 was detected. This vulnerability allows attackers to get access to sensitive data. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23445/.
Read more Data Analytics
In Apache Superset versions 4.0.0 and 3.1.2 a medium severity vulnerability CVE-2024-34693 was detected. This vulnerability allows attackers to get access to the database. To address this issue, users must upgrade to version 4.0.1 or 3.1.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34693/.
Read more Data Analytics
In Kibana versions prior to 7.17.22 and prior to 8.14.0 a medium severity vulnerability CVE-2024-23443 was detected. This vulnerability allows attackers to upload a maliciously crafted osquery pack. To address this issue, users should upgrade Kibana to version 7.17.22, 8.14.0 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23443/.
Read more Data Analytics
In Kibana versions prior to 7.17.22 and from 8.0.0 prior to 8.14.0 a medium severity vulnerability CVE-2024-23442 was detected. This issue allows malicious URLs to redirect users to fake websites, making phishing attacks easier. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23442/.
Read more Data Analytics