Developer Tools

In GitLab CE/EE, all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, a medium severity vulnerability CVE-2024-5430 was detected. This issue allows a project maintainer to delete the merge request approval policy via GraphQL. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5430.

In OpenShift Container Platform 3.11, which uses CRI-O to manage containers, a high severity vulnerability CVE-2024-5154 was detected. Attackers can gain access to sensitive information which should not be accessible from the container. This could include configuration files, security keys, and other confidential data. To fix this problem, users should upgrade OpenShift Container Platform to version 4.15.17. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5154.

In Harbor versions 2.8.x before 2.8.4, 2.9.x before 2.9.2, and 2.10.x before 2.10.0, a medium severity vulnerability CVE-2024-22244 was detected. This vulnerability allows attackers to redirect users to malicious websites. To fix this problem, users should upgrade Harbor to versions 2.8.5, 2.9.3, or 2.10.1. For more details, visit Aqua Security’s advisory.

In SonarQube versions before 10.4 and 9.9.4 LTA (Long-Term Support) a medium severity vulnerability CVE-2024-38460 was detected. This vulnerability allows attackers to exploit encrypted values exposed in plaintext within URL parameters found in logs such as SonarQube Access Logs and Proxy Logs. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38460.

In GitLab CE/EE all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2 a medium severity vulnerability CVE-2024-1736 was detected. The vulnerability in GitLab’s CI/CD (Continuous Integration/Continuous Delivery) pipeline editor can potentially lead to denial of service attacks via specially crafted configuration files. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1736.

In GitLab CE/EE versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2 a mediium severity vulnerability CVE-2024-1963 was detected. This vulnerability in GitLab’s Asana integration enables an attacker to exploit a regular expression denial of service through carefully constructed requests. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1963.

In GitLab versions from 16.10.0 to 16.11.3 a low severity vulnerability CVE-2024-5469 was detected. This vulnerability allows attackers to crash KAS via crafted gRPC requests. There is no solution for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5469/.

In Harbor low severity vulnerability CVE-2024-22261 was detected. This vulnerability allows attackers to leak the task IDs. There is no solution to it yet. For more details, visit Read more Developer Tools

In Sonatype Nexus Repository versions from 3.0 to 3.68.0 a high severity vulnerability CVE-2024-4956 was detected. This flaw allows attackers to manipulate file paths, accessing files outside the restricted directory. The issue is fixed in version 3.68.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-4956/.