In Elasticsearch versions starting from 8.16.0 before 8.16.2 a medium severity vulnerability CVE-2024-12539 was detected. This vulnerability allows attackers to bypass Document Level Security controls and access restricted documents due to improper authorization checks. To address this issue, users should upgrade Elasticsearch to version 8.16.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12539.
Read more Data Analytics
In Metabase versions including 1.52.0 and before 1.52.2.5 a medium severity vulnerability CVE-2024-55951 was detected. This vulnerability allows sandboxed users to see field filter values from other sandboxed users. To address this issue, users should upgrade to version 1.52.2.5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-55951.
Read more Data Analytics
In GeoServer versions prior to 2.26.0 a medium severity vulnerability CVE-2024-35230 was detected. This vulnerability allows attackers to identify software and components used by the server via the welcome and about pages, potentially aiding in targeted attacks. To address this issue, users should upgrade GeoServer to version 2.26.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-35230.
Read more Database
In HAProxy versions 2.2.9-2 and 2.6.12-1 a medium severity vulnerability CVE-2024-53008 was detected. This vulnerability allows attackers to bypass ACL (Access Control List) restrictions, potentially accessing sensitive information. To address this issue, users must upgrade to 2.9.12-1 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53008.
Read more Application Development
In InfluxDB versions through 2.7.10 a high severity vulnerability CVE-2024-30896 was detected. This vulnerability allows administrators with high-level access to view sensitive authentication tokens, potentially exposing them to misuse. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-30896.
Read more Data Analytics
In Graylog versions 6.1.0 and 6.1.1 a medium severity vulnerability CVE-2024-52506 was detected. This vulnerability allows attackers to potentially access and view reports containing log messages or aggregated data belonging to other users. To fix this issue, users should upgrade Graylog to version 6.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-52506.
Read more Analytics
In Apache Airflow versions prior to 2.10.3 a medium severity vulnerability CVE-2024-50378 was detected. This vulnerability allows authenticated users with audit log access to view sensitive variable values, potentially leading to unauthorized access. To fix this problem, users should upgrade to version 2.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-50378.
In Apache Airflow versions prior to 2.10.3 a high severity vulnerability CVE-2024-45784 was detected. This vulnerability could expose sensitive configuration variables in task logs, potentially allowing unauthorized access and exploitation. Masking secrets in logs is recommended to prevent exposure. To fix this problem, users should upgrade to version 2.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45784.
Read more Data Analytics
In Grafana OSS and Grafana Enterprise version 11.2.0 a medium severity vulnerability CVE-2024-9476 was detected. This vulnerability allows users to access other organization’s resources via the Cloud Migration Assistant. It affects instances using the Organizations feature for resource isolation. To address this issue, users are advised to upgrade to versions 11.2.3+security-01 or 11.3.0+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-9476.
Read more Data Analytics