Developer Tools

In GitLab versions from 1.0 before 17.0.6, from 17.1 before 17.1.4, and from 17.2 before 17.2.2 a medium severity vulnerability CVE-2024-5423 was detected. This allows attackers to overload the system and make it unavailable by consuming excessive resources through the Banzai pipeline. To fix this problem, users should upgrade GitLab to versions 17.0.6, 17.1.4 or 17.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5423.

In OpenShift a medium severity vulnerability CVE-2024-43168 related to a heap-buffer-overflow was detected in Unbound’s `cfg_mark_ports` function. This issue is found within `config_file.c`. The vulnerability can lead to memory corruption. Attackers with local access can exploit this issue by providing specially crafted input. This can potentially cause the application to crash or allow arbitrary code execution, leading to a denial of service or unauthorized actions on the system. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43168.

In GitLab versions 15.9 before 17.0.6, 17.1 to 17.1.4, 17.2 to 17.2.2 a medium severity vulnerability CVE-2024-7610 was detected. This vulnerability allows an attacker to cause catastrophic backtracking while parsing results from Elasticsearch. To address the issue, users should upgrade GitLab to version 17.2.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7610.

In Jenkins 2.470 and earlier, LTS 2.452.3 and earlier a medium severity vulnerability CVE-2024-43045 was detected. The application skips a permission check on an HTTP endpoint, letting attackers with Overall/Read access view other users’ “My Views.” In Jenkins 2.471, LTS 2.452.4, and LTS 2.462.1, access to a user’s “My Views” is restricted to the owning user and administrators. To address this issue, users should upgrade to versions 2.471-r0 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43045.

In Jenkins versions 2.470 and earlier, LTS 2.452.3 and earlier a high severity vulnerability CVE-2024-43044 was detected. This vulnerability allows attackers to access and read any files on the main Jenkins server, potentially exposing sensitive information. To fix this problem, users should upgrade Jenkins to versions 2.471, LTS 2.452.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43044.

In Gitea version 1.22.0 a high severity vulnerability CVE-2024-6886 was detected. This vulnerability allows attackers to add harmful scripts to the website, which other users might see, leading to stolen data or hijacked accounts. To fix this problem, users should upgrade Gitea to version 1.23.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6886.

In OpenShift versions using Podman a medium severity vulnerability CVE-2024-3056 was detected. This vulnerability allows an attacker to create a container that uses up memory and IPC resources, eventually leading to system instability. If the container is set to restart automatically, the attack can be repeated. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3056.

In OpenShift versions that use github.com/containers/image library a high severity vulnerability CVE-2024-3727 was detected. This vulnerability allows attackers to perform unintended actions on behalf of the victim user, such as accessing resources, exhausting system resources, or traversing local file paths. To address this issue users should upgrade to versions 5.30.1 or 5.29.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3727.

In Harbor versions prior to 2.9.5 and 2.10.3 a medium severity vulnerability CVE-2024-22278 was detected. This vulnerability allows authenticated users to modify configurations. To fix this problem, users should upgrade to versions 2.9.5, 2.10.3 or 2.11.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-22278.