In CKAN versions 2.7.0 and before 2.10.5 a high severity vulnerability CVE-2024-41675 was detected. This vulnerability allows attackers to inject malicious scripts into the data displayed on a webpage, leading to potential theft of user data, session hijacking, or redirection to harmful sites. To fix this issue, users must update CKAN to versions 2.10.5 or 2.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41675.
Read more Data Analytics
In CKAN versions 2.10.5 and earlier a medium severity vulnerability CVE-2024-43371 was detected. CKAN plugins that download content from resource URLs lack restrictions on what URLs can be accessed, making them vulnerable to Server Side Request Forgery (SSRF) attacks. To fix this problem, users should upgrade to version 2.10.5 or 2.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43371.
Read more Data Analytics
In Apache Airflow versions before 2.10.0 a medium severity vulnerability CVE-2024-41937 was detected. This vulnerability allows attackers to potentially run harmful scripts on a user’s browser when they click on a provider link in Apache Airflow, potentially leading to data theft. To fix this problem, users should upgrade Apache Airflow to version 2.10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41937.
Read more Data Analytics
In CKAN versions before 2.0.0 and 2.10.5 a medium severity vulnerability CVE-2024-41674 was detected. This vulnerability allows potential exposure of sensitive information, like internal Solr URLs and credentials, in error messages when there are connection issues between CKAN and the Solr server. To fix this issue, users must upgrade CKAN to versions 2.10.5 and 2.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41674.
Read more Data Analytics
In Grafana versions 11.1.0, 11.1.2 a medium severity vulnerability CVE-2024-27186 was detected. This vulnerability allows attackers to bypass access control for plugin data sources protected by the ReqActions json field in the plugin.json file. To fix the issue, users must upgrade Grafana to versions 11.1.1 or 11.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6322.
Read more Data Analytics
In Apache Airflow versions 1.10.11 and later a critical severity vulnerability CVE-2020-13927 was detected. This vulnerability allowed API requests to be made without authentication, posing significant security risks. To fix this issue, existing users need to update their configuration to [api]auth_backend = airflow.api.auth.backend.deny_all. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-13927.
In MongoDB Enterprise Server versions 6.0 to 6.0.16, 7.0 to 7.0.11, and 7.3 to 7.3.3 a medium severity vulnerability CVE-2024-6384 was detected. This vulnerability allows unauthorized access to potentially sensitive data stored in those backups.To fix this issue, users must upgrade to version 8.14.2 or 7.17.23 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6384.
Read more Database
In Kibana versions 7.x prior to 7.17.23, 8.x prior to 8.14.2 a high severity vulnerability CVE-2024-37287 was detected. This vulnerability allows attackers to run any code they want in Kibana if they can access certain features and modify specific data. To fix this problem, users should upgrade Kibana to versions 7.17.23 and 8.14.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-37287.
Read more Data Analytics
In MongoDB Server versions 5.0 to 5.0.27, 6.0 to 6.0.16, 7.0 to 7.0.12, 7.3 to 7.3.3, MongoDB C Driver versions to 1.26.2, and MongoDB PHP Driver versions to 1.18.1 a high severity vulnerability CVE-2024-7553 was detected. This vulnerability allows local privilege escalation on Windows by improperly validating files from untrusted directories. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7553.