In GitLab EE versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 a medium severity vulnerability CVE-2024-8311 was detected. This vulnerability allows authenticated users to bypass variable overwrite protection in GitLab EE pipelines using a CI/CD template. To fix this problem, users should upgrade to version 17.2.5, 17.3.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8311.
Read more Developer ToolsIn GitLab CE/EE versions from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2 a medium severity vulnerability CVE-2024-8641 was detected. This vulnerability allows attackers with a victim’s CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim. To fix this issue users should upgrade GitLab CE/EE to version 17.1.7, 17.2.5, or 17.3.2 For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8641.
Read more Developer ToolsIn GitLab versions from 16.9.7 to before 17.1.7, 17.2 to before 17.2.5, and 17.3 to before 17.3.2 a medium severity vulnerability CVE-2024-8754 was detected. This vulnerability allows attackers to squat on accounts by linking arbitrary unclaimed provider identities when JWT authentication is configured. To address this issue, update to GitLab version 17.1.7 or later, 17.2.5 or later, or 17.3.2 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8754.
Read more Developer ToolsIn GitLab versions from 16.11 to before 17.1.7, from 17.2 to before 17.2.5, and from 17.3 to before 17.3.2 a high severity vulnerability CVE-2024-8640 was detected. This vulnerability allows attackers to inject commands into a connected Cube server due to incomplete input filtering. To address this issue, update to GitLab version 17.1.7, 17.2.5, or 17.3.2 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8640.
Read more Developer ToolsIn GitLab versions from 16.8 before 17.1.7, from 17.2 before 17.2.5, and from 17.3 before 17.3.2 a high severity vulnerability CVE-2024-8635 was detected. This vulnerability allows attackers to make unauthorized requests to internal resources using a custom Maven Dependency Proxy URL. To address this issue, upgrade to GitLab version 17.1.7 or later, 17.2.5 or later, or 17.3.2 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8635.
Read more Developer ToolsIn GitLab EE versions 16.6 to 17.1.7, 17.2 to 17.2.5, and 17.3 to 17.3.2 a high severity vulnerability CVE-2024-8631 was detected. This vulnerability allows users with the Admin Group Member custom role to escalate their privileges to include other custom roles. To address this issue, users should upgrade to GitLab EE to version 17.1.7, 17.2.5, or 17.3.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8631.
Read more Developer ToolsIn GitLab versions 15.6 to 17.0.5, 17.1 to 17.1.3, and 17.2 to 17.2.1 a medium severity vulnerability CVE-2024-7091 was detected. This vulnerability allows attackers to disclose limited information of an exported group or project to another user. To address this issue, upgrading to the latest version of GitLab is recommended. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7091.
Read more Developer ToolsIn OpenShift environments using Aardvark-dns versions 1.12.0 and 1.12.1 a high severity vulnerability CVE-2024-8418 was detected. This vulnerability allows attackers to exploit serial processing of TCP DNS queries, causing a denial of service. Malicious clients can keep a TCP connection open indefinitely, leading to timeouts for other DNS queries and disrupting service for all containers using Aardvark-dns. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8418.
Read more Developer ToolsIn OpenShift AI versions before 2.9 a high severity vulnerability CVE-2024-7557 was detected. This allows attackers to bypass authentication and escalate privileges, gaining unauthorized access to other AI models and APIs within the same namespace by exploiting exposed ServiceAccount tokens. To fix this problem, users should upgrade OpenShift AI to version 2.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7557.
Read more Developer Tools