Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Get Started
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • DevOps

DevOps

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • Networking
      • Storage
      • Security
    • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    8 May 2025 DevOps
    Django: Denial-of-Service via Inefficient HTML Tag Stripping

    In Django versions 4.2 before 4.2.21, 5.1 before 5.1.9 and 5.2 before 5.2.1 a medium severity vulnerability CVE-2025-32873 was detected. This vulnerability allows attackers to cause a denial-of-service condition through slow performance by supplying large sequences of incomplete HTML tags to the `strip_tags()` function or the `striptags` template filter. To address this issue, users should upgrade Django to versions 4.2.21, 5.1.9 or 5.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32873.

    Read more
    Application Development
    7 May 2025 DevOps
    Zitadel: Improper Session Intent Handling Enables Authentication Token Theft via URI Exposure

    In Zitadel versions prior to 3.0.0, 2.71.9 and 2.70.10 a high severity vulnerability CVE-2025-46815 was detected. This vulnerability allows attackers with access to the application’s predefined URI to retrieve authentication tokens and user IDs by repeatedly using idp intents, enabling them to authenticate on behalf of the user. To address this issue, users should upgrade Zitadel to versions 3.0.0, 2.71.9 or 2.70.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46815.

    Read more
    Developer Tools
    24 Apr 2025 DevOps
    GitLab: User Tracking Flaw Could Lead to Account Takeover

    In GitLab EE/CE versions from 16.6 before 16.9.7, 17.10 before 17.10.5 and 17.11 before 17.11.1 a high severity vulnerability CVE-2025-1908 was discovered. This issue could allow an attacker to track users’ browsing activities, potentially leading to full account takeover. To address this issue, users should upgrade GitLab EE/CE to versions 16.9.7, 17.10.5 or 17.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1908.

    Read more
    Developer Tools
    24 Apr 2025 DevOps
    GitLab: Issue Preview Vulnerability Affects Service Availability

    In GitLab CE/EE versions from 16.7 before 17.9.7, 17.10 before 17.10.5 and 17.11 before 17.11.1 a medium severity vulnerability CVE-2025-0639 was discovered. This issue affects service availability through the issue preview feature. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.7, 17.10.5 or 17.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0639.

    Read more
    Developer Tools
    24 Apr 2025 DevOps
    GitLab EE: Access Control Flaw Leaks Restricted Project Info

    In GitLab EE versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5 and 17.11 prior to 17.11.1 a medium severity vulnerability CVE-2024-12244 was discovered. This issue in access controls may allow users to view restricted project information even when related features are disabled. To address this issue, users should upgrade GitLab EE to versions 17.9.7, 17.10.5 or 17.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12244.

    Read more
    Developer Tools
    18 Apr 2025 DevOps
    Backstage: Information Disclosure via Conditional Decisions in Scaffolder Plugin

    In Backstage Scaffolder plugin (permissions backend) a medium severity vulnerability CVE-2025-32791 was detected. This vulnerability allows callers to extract limited information about the conditional decisions returned by the installed permission policy in the permission backend, though there is no impact if the permission system is disabled or the policy does not use conditional decisions. To address this issue, users should upgrade Backstage Scaffolder plugin to version 0.6.0 of the permissions backend. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32791.

    Read more
    Developer Tools
    17 Apr 2025 DevOps
    Rancher: Privilege Escalation Possible Through Misconfigured RoleTemplate

    In Rancher versions 2.7.0 to before 2.7.14 and 2.8.0 to before 2.8.5 a medium severity vulnerability CVE-2023-32197 was detected. This vulnerability allows attackers to gain more permissions than they should in certain cases where RoleTemplate objects are set with external=true. To address this issue, users should upgrade Rancher to version 2.7.14 or 2.8.5. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-32197.

    Read more
    Developer Tools
    17 Apr 2025 DevOps
    Rancher: Attackers Can Break Out of Container and Get Full Access

    In Rancher versions 2.7.0 to before 2.7.16, 2.8.0 to before 2.8.9, and 2.9.0 to before 2.9.3 a critical severity vulnerability CVE-2024-22036 was detected. This vulnerability lets attackers break out of the Rancher container and get root access. In test setups, they could even escape the container and run code on the host machine. To address this issue, users should upgrade Rancher to version 2.7.16, 2.8.9, or 2.9.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-22036.

    Read more
    Developer Tools
    15 Apr 2025 DevOps
    Rancher: CLI Token Exposure Vulnerability

    In SUSE Rancher versions from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7 and from 2.10.0 before 2.10.3 a medium severity vulnerability CVE-2025-23387 was detected. This vulnerability allows unauthenticated attackers to list and delete CLI authentication tokens before they are retrieved, exposing sensitive information. To address this issue, users should upgrade SUSE Rancher to versions 2.8.13, 2.9.7 or 2.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23387.

    Read more
    Developer Tools
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base
    © HOSSTED 2025 All rights reserved
    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy