In GitLab versions from 11.8 to 17.1.2 a low severity vulnerability CVE-2024-6595 was detected. This vulnerability allows attackers to upload an NPM package. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6595/.
In OpenSSH’s server (sshd) versions 4.13, 4.14, 4.15, and 4.16 a high severity vulnerability CVE-2024-6409 was detected. If a remote attacker doesn’t authenticate within a specific time frame, sshd’s signal handler can be triggered asynchronously. This handler calls non-async-signal-safe functions like syslog(), potentially allowing a successful attacker to execute remote code on the sshd server with unprivileged user privileges. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6409.
In GitLab versions from 15.8 through 16.11.6, from 17.0 through 17.0.4, and from 17.1 through 17.1.2 a high severity vulnerability CVE-2024-6385 was detected. This vulnerability allows attackers to trigger a pipeline as another user under certain circumstances. To fix this problem, users should upgrade GitLab to one of the following versions: 16.11.6, 17.0.4, or 17.1.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6385.
In GitLab versions from 16.3 through 16.11.5, from 17.0 through 17.0.3, and from 17.1 through 17.1.1 a medium severity vulnerability CVE-2024-2177 was detected. This vulnerability allows attackers to trick the login system by using a specially designed message. To fix this problem, users should upgrade GitLab to one of the following versions: 16.11.5, 17.0.3, or 17.1.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-2177.
In Gogs version 0.13.0 a high severity vulnerability CVE-2024-39933 was detected. This vulnerability allows attackers to access the code in a new release. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39933/.
In Gogs through 0.13.0 a critical severity vulnerability CVE-2024-39931 was detected. It allows deletion of internal files. There is currently no solution available for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39931.
In Gogs versions up to 0.13.0 a critical severity vulnerability CVE-2024-39930 was detected in the built-in SSH server. This flaw lets attackers send harmful commands, leading to remote code execution. Attackers must be authenticated and can exploit this if the SSH server is enabled. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39930.
In Gogs version 0.13.0 a critical severity vulnerability CVE-2024-39932 was detected. This vulnerability allows attackers to access the code in previewing changes. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39932/.
In GitLab version 17.1 a medium severity vulnerability CVE-2024-1493 was detected. This vulnerability allows attackers to carry out a DoS attack on the server. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1493/.