In GitLab CE/EE versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 a medium severity vulnerability CVE-2023-6489 was detected. Due to a bug in GitLab’s chat integration feature lets attackers overload the system, causing slowdowns and service interruptions. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-6489/.
Read more Developer ToolsIn GitLab CE/EE all versions starting from 16.9 before 16.9.4, and from 16.10 before 16.10.2 a high severity vulnerability CVE-2024-3092 was detected. This issue allows attackers to do things on someone else’s behalf by injecting a harmful code. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-3092/.
Read more Developer ToolsIn GitLab Enterprise Edition versions before 16.8.6 as well as versions starting from 16.9 before 16.9.4, and from 16.10 before 16.10.2 a medium vulnerability CVE-2023-6678 was detected. It allows attackers to crash a system by putting harmful stuff in a junit test report file. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-6678.
Read more Developer ToolsIn GitLab CE/EE all versions starting from 16.7 to 16.8.6, from 16.9 before 16.9.4, and from 16.10 before 16.10.2 a high severity vulnerability CVE-2024-2279 was detected. Due to this vulnerability, attackers could trick the system into executing harmful actions on behalf of other users without their knowledge through a method called stored XSS (cross-site scripting). For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2279.
Read more Developer ToolsIn OpenShift Virtualization a medium security vulnerability CVE-2024-31419 was detected. This vulnerability allows attackers to disclose limited host metrics to any guest without administrator consent. The issue is resolved in version Container-native Virtualization 4.15.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31419.
Read more Developer ToolsArgo CD users, a critical security flaw in specific versions demands immediate action to prevent unauthorized access. This vulnerability, tied to authentication mechanisms, could allow attackers to bypass login credentials. It’s found in certain session validation configurations, posing a significant risk of unauthorized changes or data access. Review your Argo CD version against official documentation to ensure you’re not vulnerable. Upgrading to the latest version is advised for enhanced security.
Read more Developer Tools