Developer Tools

In GitLab CE/EE all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 a high severity vulnerability CVE-2024-7047 was detected. A cross-site scripting (XSS) vulnerability allows an attacker to run arbitrary scripts as the logged-in user, potentially leading to unauthorized actions and access to sensitive information. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7047.

In GitLab versions 6.7 prior to 17.0.5, 17.1 prior to 17.1.3 and 17.2 prior to 17.2.1 a medium severity vulnerability CVE-2024-7057 was detected. This vulnerability allows attackers to view sensitive files in GitLab. To fix this problem, users should upgrade GitLab CE/EE to versions 17.0.5, 17.1.3 or 17.2.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7057.

In GitLab CE/EE versions 15.4 prior to 17.0.5, 17.1 prior to 17.1.3 and 17.2 prior to 17.2.1 a low severity vulnerability CVE-2024-7060 was detected. This vulnerability allows attackers to access sensitive information by viewing project or group exports without authorization. To fix this problem, users should upgrade GitLab CE/EE to versions 17.0.5, 17.1.3, or 17.2.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7060.

In OpenShift versions 4.12.0 prior to 4.12.12, 4.13.0 prior to 4.13.5 and 4.14.0 prior to 4.14.0 a medium severity vulnerability CVE-2024-7128 was detected. This allows attackers to access and potentially steal data because the system is not properly checking user credentials. To fix this problem, users should upgrade to OpenShift versions 4.12.13, 4.13.6, and 4.14.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7128.

In GitLab EE versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 a medium severity vulnerability CVE-2024-5067 was detected. Certain project-level analytics settings could be visible in the DOM to group members with Developer or higher roles. To address this issue users should upgrade GitLab EE to versions 17.2.1, 17.1.3 or 17.0.5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5067.

In the OpenShift console version 3.1 a medium severity vulnerability CVE-2024-7128 was detected. This vulnerability allows some parts of the app to skip proper user authentication when using the default “openShiftAuth” provider. This can lead to data exposure because the necessary checks are not performed. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7128.

In the Openshift console a medium severity vulnerability CVE-2024-7079 was detected. The /API/helm/verify endpoint is not secured properly. As a result, unauthenticated users are able to access this endpoint, potentially leading to security risks. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7079.

In OpenShift version 3.11 a high severity vulnerability CVE-2024-7079 was detected. This vulnerability allows attackers to access the system without logging in, which could expose sensitive information. To fix this problem, users should upgrade OpenShift to version 4.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7079.

In GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 a low severity vulnerability CVE-2024-0231 was detected. This vulnerability allows attackers to create a specially crafted repository import to redirect code changes to the wrong place. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-0231.