In OpenShift 4 and JBoss Fuse 7, a high-severity vulnerability, CVE-2024-45497, was detected. This vulnerability allows attackers to overwrite a configuration file containing sensitive credentials. By modifying this file, attackers can cause a denial of service by preventing the node from pulling new images, and can potentially exfiltrate sensitive secrets. Currently, there is no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45497.
In Spring Framework versions 5.3.0 to 5.3.40, 6.0.0 to 6.0.24, and 6.1.0 to 6.1.13, a high-severity vulnerability, CVE-2024-38816, was detected. This vulnerability allows attackers to perform path traversal attacks, enabling them to access any file on the system that the Spring application has access to. Currently, there is no fixed version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38816.
In GitLab versions before 17.6.0, a low-severity vulnerability, CVE-2023-5117, was detected. This vulnerability allows attackers to access files uploaded to comments on confidential issues and epics of public projects without authentication, via a direct link to the uploaded file URL. To address this issue, users should upgrade to version 17.6.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-5117.
In Gogs versions prior to 0.13.1, a critical-severity vulnerability, CVE-2024-54148, was detected. This vulnerability allows attackers to commit and edit a crafted symlink file in a repository to gain unauthorized SSH access to the server. To address this issue, users should upgrade Gogs to version 0.13.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54148.
In Gogs versions prior to 0.13.1, a high-severity vulnerability, CVE-2024-55947, was detected. This vulnerability allows attackers to create files in any location on the server, which can lead to unauthorized SSH access. To address this issue, users should upgrade Gogs to version 0.13.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55947.
In Next.js versions 9.5.5 through 14.2.14, a high-severity vulnerability, CVE-2024-51479, was detected. This vulnerability allows attackers to bypass pathname-based authorization checks in middleware, potentially granting unauthorized access to pages directly under the application's root directory. To address this issue, users should upgrade Next.js to version 14.2.15 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51479.
In GitLab CE/EE versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, a high-severity vulnerability, CVE-2024-8233, was detected. This vulnerability allows attackers to cause a denial of service by sending requests for diff files on a commit or merge request. To address this issue, users should upgrade GitLab CE/EE to version 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8233.
In GitLab CE/EE versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, a medium-severity vulnerability, CVE-2024-8179, was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) attacks if Content Security Policy (CSP) is not enabled. To address this issue, users should upgrade GitLab CE/EE to version 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8179.
In GitLab versions from 15.2 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, a medium-severity vulnerability, CVE-2024-8647, was detected. This vulnerability allows attackers to steal the anti-CSRF token from self-hosted GitLab installations with Harbor integration enabled, potentially allowing them to perform unauthorized actions on behalf of users. To address this issue, users should upgrade GitLab to version 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-8647.