In GitLab CE/EE versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2, a medium severity vulnerability, CVE-2023-6489, was detected. A bug in GitLab’s chat integration feature lets attackers overload the system, causing slowdowns and service interruptions. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-6489/.

In GitLab CE/EE, all versions starting from 16.9 before 16.9.4 and from 16.10 before 16.10.2, a high severity vulnerability, CVE-2024-3092, was detected. This issue allows attackers to perform actions on another user’s behalf by injecting harmful code. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-3092/.

In the HTTP/1.1 client for Node.js (Undici), a low severity vulnerability, CVE-2024-30261, was detected. This vulnerability allows attackers to change a setting so that their forged requests appear legitimate, letting them introduce harmful alterations undetected. There is no confidentiality or availability impact. The issue is fixed in versions 5.28.4 and 6.11.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-30261.

In GitLab Enterprise Edition, versions before 16.8.6 as well as versions starting from 16.9 before 16.9.4 and from 16.10 before 16.10.2, a medium severity vulnerability, CVE-2023-6678, was detected. It allows attackers to crash the system by placing malicious content in a JUnit test report file. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-6678.

In GitLab CE/EE, all versions starting from 16.7 to 16.8.6, from 16.9 before 16.9.4, and from 16.10 before 16.10.2, a high severity vulnerability, CVE-2024-2279, was detected. Through stored XSS (cross-site scripting), attackers could trick the system into executing harmful actions on behalf of other users without their knowledge. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2279.

In OpenShift Virtualization, a medium severity vulnerability, CVE-2024-31419, was detected. This vulnerability allows attackers to disclose limited host metrics to any guest without administrator consent. The issue is resolved in Container-native Virtualization 4.15.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31419.

An XSS vulnerability in Typebot’s sign-in page, affecting versions up to 2.24.0, posed a significant security threat by potentially allowing attackers to compromise user accounts. By exploiting the redirectPath parameter in the URL, attackers could execute malicious JavaScript and thereby gain unauthorized access. Version 2.24.0 addresses this vulnerability.

In Grafana versions 9.5.0 to 10.3.5, a medium severity vulnerability, CVE-2024-1313, was detected. This vulnerability allows a user from a different organization to delete a snapshot by bypassing authorization using its view key. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-1313.

Argo CD users: a critical security flaw in specific versions demands immediate action to prevent unauthorized access. This vulnerability, tied to the authentication mechanism, could allow attackers to bypass login credentials. It is found in certain session validation configurations and poses a significant risk of unauthorized changes or data access. Review your Argo CD version against the official documentation to confirm you are not affected. Upgrading to the latest version is advised.