In GitLab CE/EE versions from 16.9 and before 17.4.6, from including 17.5 and before 17.5.4, and from including 17.6 and before 17.6.2 a medium severity vulnerability CVE-2024-8116 was detected. This vulnerability allows an unauthorized user, under specific conditions, to retrieve branch names by using a specific GraphQL query. To address this issue, update GitLab CE/EE to versions 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8116.
Read more Developer Tools
In GitLab EE versions starting from 14.3 before 17.4.6, from 17.5 before 17.5.4, from 17.6 before 17.6.2 a low severity vulnerability CVE-2024-10043 was detected. This vulnerability allows attackers to access confidential incident titles through the Wiki History Diff feature, potentially exposing sensitive information. To address this issue, users should upgrade GitLab EE to versions 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10043.
Read more Developer Tools
In GitLab CE/EE versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2 a medium severity vulnerability CVE-2024-9387 was detected. This vulnerability allows attackers to perform an open redirect via a specific releases API endpoint. To address this issue, users should upgrade GitLab CE/EE to versions 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9387.
Read more Developer Tools
In Opt-In Downloads plugin for WordPress versions up to 4.07 a high severity vulnerability CVE-2024-10590 was detected. This vulnerability allows authenticated users with Subscriber-level access or higher to upload arbitrary files, potentially leading to remote code execution (RCE) on NGINX servers. To address this issue, users must upgrade to a version later than 4.07. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10590.
Read more CMS
In Cognito Forms plugin for WordPress versions up to 2.0.6 a medium severity vulnerability CVE-2024-10182 was detected. This vulnerability allows authenticated users with Contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses an affected page. To address this issue, users must upgrade to a version later than 2.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10182.
Read more CMS
In HQ Rental Software plugin for WordPress versions up to 1.5.29 a high severity vulnerability CVE-2024-11689 was detected. This vulnerability allows unauthenticated attackers to update arbitrary options, potentially leading to privilege escalation, by tricking a site administrator into performing an action such as clicking on a link. To address this issue, users must upgrade to a version later than 1.5.29. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11689.
Read more CMS
In sigstore-python versions from 2.0.0 to 3.5.9 a low severity vulnerability CVE-2024-55655 was detected. This vulnerability allows attackers to bypass integration time validation in “v2” and “v3” bundles during the verification flow, which could lead to a Denial of Service. To address this issue, users must upgrade to sigstore-python version 3.6.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55655.
Read more Application Development
In GitLab CE/EE versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2 a high severity vulnerability CVE-2024-11274 was detected. This vulnerability allows attackers to inject NEL (Network Error Logging) headers in the Kubernetes (k8s) proxy response, which could lead to session data exfiltration. To address this issue, users must upgrade to versions 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11274.
Read more Developer Tools
In the Planaday API plugin for WordPress versions up to and including 11.4 a medium severity vulnerability CVE-2024-11804 was detected. This vulnerability allows attackers to inject harmful web scripts into pages by exploiting the ‘tab’ parameter. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11804.
Read more CMS