In OpenShift AI versions before 2.9, a high-severity vulnerability, CVE-2024-7557, was detected. This allows attackers to bypass authentication and escalate privileges, gaining unauthorized access to other AI models and APIs within the same namespace by exploiting exposed ServiceAccount tokens. To fix this problem, users should upgrade OpenShift AI to version 2.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7557.
In OpenShift versions from 2.6.7 through 2.8.13, a high-severity vulnerability, CVE-2024-6508, was detected. A flaw in the OpenShift Console’s OAuth2 protocol can allow Cross-Site Request Forgery (CSRF) attacks due to improper use of the state parameter, enabling unauthorized access to accounts. The attack requires initiation from within the local network and no exploit is available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6508.
In GitLab versions from 8.2 prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1, a medium-severity vulnerability, CVE-2024-6502, was detected. This vulnerability allows attackers to create a branch with the same name as a deleted tag. To fix this problem, users should upgrade GitLab to versions 17.1.6, 17.2.4, or 17.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6502.
In GitLab versions starting from 12.5 before 17.1.6, versions starting from 17.2 before 17.2.4, and versions starting from 17.3 before 17.3.1, a medium-severity vulnerability, CVE-2024-3127, was detected. Under certain conditions, unauthorized users might be able to bypass IP restrictions for groups via GraphQL and perform some group-level actions. To fix this problem, users should upgrade to version 17.1.6, 17.2.4, 17.3.1, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-3127.
In GitLab versions before 17.1.6, 17.2.4, and 17.3.1, a medium-severity vulnerability, CVE-2024-8041, was detected. A DoS vulnerability can disrupt the service by importing a malicious repository through the GitHub importer. To fix this problem, users should upgrade to version 17.1.6, 17.2.4, 17.3.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8041.
In GitLab versions from 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1, a medium-severity vulnerability, CVE-2024-7110, was detected. This vulnerability allows attackers to execute arbitrary commands in a victim’s pipeline through prompt injection. To fix this problem, users should upgrade GitLab to versions 17.1.6, 17.2.4, or 17.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7110.
In NPM Matrix messaging protocol Client-Server SDK for JavaScript, a medium-severity vulnerability, CVE-2024-42369, was detected. A malicious homeserver can create a cyclic room structure, causing infinite recursion in ‘getRoomUpgradeHistory’ and affecting ‘leaveRoomChain()’. Fixed in version 34.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-42369.
In GitLab versions from 8.16 prior to 17.0.6, from 17.1 prior to 17.1.4 and from 17.2 prior to 17.2.2, a medium-severity vulnerability, CVE-2024-6329, was detected. This vulnerability allows attackers to cause errors or incorrect displays on the GitLab web interface using specially crafted paths. To fix this problem, users should upgrade GitLab to versions 17.0.6, 17.1.4, 17.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6329.
In GitLab versions from 13.9 before 17.0.6, from 17.1 before 17.1.4, and 17.2 before 17.2.2, a high-severity vulnerability, CVE-2024-7554, was detected. This allows attackers to potentially steal sensitive authentication information by exploiting the logging of access tokens during specific API requests. To fix this problem, users should upgrade GitLab to versions 17.0.6, 17.1.4 or 17.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7554.