In Zowe API Mediation Layer versions 1.0.0 to 1.28.8 and 2.0.0 to 2.18.0, a medium severity vulnerability CVE-2024-9798 was detected. This vulnerability allows attackers to access a public health endpoint, revealing a list of all services, which is potentially valuable information for attackers. To fix this issue, users must upgrade to Zowe versions 2.18.0 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-9798.
In OpenShift versions prior to 1.29.11, starting from 1.30.0 up to 1.30.8, starting from 1.31.0 up to 1.31.3, a high severity vulnerability CVE-2024-8676 was detected. This vulnerability allows attackers with access to the kubelet or CRI-O socket to exploit pod restoration and bypass mount access validations. To fix this issue, users must upgrade to versions 1.29.11, 1.30.8, 1.31.3 or above. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8676.
In OpenShift versions 4.12 to 4.17 a medium severity vulnerability CVE-2024-9676 was found in Podman, Buildah, and CRI-O. This flaw can lead to a denial of service (OOM kill) when using a malicious image with an auto-assigned user namespace. The vulnerability occurs because the containers/storage library doesn’t properly handle symlink files, allowing access to files on the host. To address this issue, users should upgrade to version 4.9.5-150400.4.35.1 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-9676.
In GitLab CE/EE versions from 8.12 before 17.4.5, 17.5 before 17.5.3 and 17.6 before 17.6.1 a high severity vulnerability CVE-2024-8114 was detected. This vulnerability allows an attacker with access to a victim’s Personal Access Token (PAT) to escalate privileges. To address this issue, users must upgrade to GitLab CE/EE versions 17.4.5, 17.5.3, or 17.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8114.
In GitLab CE/EE versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, and starting from 17.6 prior to 17.6.1 a medium severity vulnerability CVE-2024-8177 was detected. This vulnerability allows attackers to cause a Denial of Service by integrating a malicious Harbor registry. To address this issue, users must upgrade to GitLab CE/EE versions 17.4.5, 17.5.3, or 17.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8177.
In GitLab CE/EE versions prior to 12.6, prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1 a medium severity vulnerability CVE-2024-8237 was detected. This vulnerability allows attackers to crash the system using a fake cargo.toml file. To fix this issue, users are advised to upgrade GitLab CE/EE to versions 17.6.1, 17.5.3, or 17.4.5. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-8237.
In GitLab EE versions starting from 17.3 before 17.3.7, starting from 17.4 before 17.4.4 and starting from 17.5 before 17.5.2 a medium severity vulnerability CVE-2024-10240 was detected. This vulnerability allows unauthenticated users to access details about merge requests (MR) in a private project under specific conditions. To fix this issue, users are advised to upgrade GitLab EE to versions 17.6.1, 17.5.3, or 17.4.5. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-10240.
In GitLab CE/EE versions 16.11 prior to 17.4.5, 17.5 prior to 17.5.3, 17.6 prior to 17.6.1 a medium severity vulnerability CVE-2024-11668 was detected. This vulnerability allows attackers to bypass authentication and access sensitive data through long-lasting connections. To fix this issue, users should upgrade GitLab CE/EE to versions 17.4.5, 17.5.3 or 17.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11668.
In GitLab CE/EE versions 16.9.8 prior to 17.4.5, 17.5 prior to 17.5.3, 17.6 prior to 17.6.1 a medium severity vulnerability CVE-2024-11669 was detected. This vulnerability allows attackers to access sensitive data without proper authorization by exploiting certain security weaknesses in GitLab’s API. To fix this issue, users should upgrade GitLab CE/EE to versions 17.4.5, 17.5.3, or 17.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11669.