In MongoDB Server versions 5.0 prior to 5.0.14 and 6.0 prior to 6.0.3 a medium severity vulnerability CVE-2024-8207 was detected. This vulnerability allows attackers with access to the server to take control of the MongoDB process by loading malicious files when it starts. To fix this problem, users should upgrade MongoDB Server to versions 6.1.1, 5.0.14, and 6.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8207.
Read more DatabaseIn OpenSearch versions 2.16.0, 1.3.19 and earlier a medium severity vulnerability CVE-2024-43794 was detected. The Dashboards Security Plugin adds a user interface for managing security features. Improper validation of the nextUrl parameter may cause an external redirect during login if certain parameters are manipulated. To fix this problem, users should upgrade to version 1.3.19 or 2.16.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43794.
Read more Data AnalyticsIn CKAN versions 2.7.0 and before 2.10.5 a high severity vulnerability CVE-2024-41675 was detected. This vulnerability allows attackers to inject malicious scripts into the data displayed on a webpage, leading to potential theft of user data, session hijacking, or redirection to harmful sites. To fix this issue, users must update CKAN to versions 2.10.5 or 2.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41675.
Read more Data AnalyticsIn Apache Airflow versions before 2.10.0 a medium severity vulnerability CVE-2024-41937 was detected. This vulnerability allows attackers to potentially run harmful scripts on a user’s browser when they click on a provider link in Apache Airflow, potentially leading to data theft. To fix this problem, users should upgrade Apache Airflow to version 2.10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41937.
Read more Data AnalyticsIn CKAN versions before 2.0.0 and 2.10.5 a medium severity vulnerability CVE-2024-41674 was detected. This vulnerability allows potential exposure of sensitive information, like internal Solr URLs and credentials, in error messages when there are connection issues between CKAN and the Solr server. To fix this issue, users must upgrade CKAN to versions 2.10.5 and 2.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41674.
Read more Data AnalyticsIn CKAN versions 2.10.5 and earlier a medium severity vulnerability CVE-2024-43371 was detected. CKAN plugins that download content from resource URLs lack restrictions on what URLs can be accessed, making them vulnerable to Server Side Request Forgery (SSRF) attacks. To fix this problem, users should upgrade to version 2.10.5 or 2.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43371.
Read more Data AnalyticsIn Grafana versions 11.1.0, 11.1.2 a medium severity vulnerability CVE-2024-27186 was detected. This vulnerability allows attackers to bypass access control for plugin data sources protected by the ReqActions json field in the plugin.json file. To fix the issue, users must upgrade Grafana to versions 11.1.1 or 11.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6322.
Read more Data AnalyticsIn Apache Airflow versions 1.10.11 and later a critical severity vulnerability CVE-2020-13927 was detected. This vulnerability allowed API requests to be made without authentication, posing significant security risks. To fix this issue, existing users need to update their configuration to [api]auth_backend = airflow.api.auth.backend.deny_all. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-13927.
In MongoDB Enterprise Server versions 6.0 to 6.0.16, 7.0 to 7.0.11, and 7.3 to 7.3.3 a medium severity vulnerability CVE-2024-6384 was detected. This vulnerability allows unauthorized access to potentially sensitive data stored in those backups.To fix this issue, users must upgrade to version 8.14.2 or 7.17.23 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6384.
Read more Database