In OpenShift versions prior to 1.29.11, starting from 1.30.0 up to 1.30.8, starting from 1.31.0 up to 1.31.3 a high severity vulnerability CVE-2024-8676 was detected. This vulnerability allows attackers with access to the kubelet or CRI-O socket to exploit pod restoration and bypass mount access validations. To fix this issues, users must upgrade to to versions 1.29.11, 1.30.8, 1.31.3 or above. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8676.
Read more Developer Tools
In OpenShift versions 4.12 to 4.17 a medium severity vulnerability CVE-2024-9676 was found in Podman, Buildah, and CRI-O. This flaw can lead to a denial of service (OOM kill) when using a malicious image with an auto-assigned user namespace. The vulnerability occurs because the containers/storage library doesn’t properly handle symlink files, allowing access to files on the host. To address this issue, users should upgrade to version 4.9.5-150400.4.35.1 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-9676.
In Traefik versions prior to 2.11.14, prior to 3.0.0 and prior to 3.2.1 a medium severity vulnerability CVE-2024-52003 was detected. This vulnerability allows attackers to provide the X-Forwarded-Prefix header from an untrusted source, leading to potential issues. To address this issue, users must upgrade to Traefik version 2.11.14 or 3.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52003.
Read more Security
In Zabbix versions 6.0.0 to 6.0.34, 6.4.0 to 6.4.19, and 7.0.0 to 7.0.4 a low severity vulnerability CVE-2024-42332 was detected. This vulnerability lets attackers send an SNMP (Simple Network Management Protocol) trap with extra data, showing fake information in the Zabbix UI. The attack works if SNMP authentication is off or if the attacker knows the community/authentication details. An SNMP item must also be set as text on the target host. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-42332.
Read more Monitoring
In HAProxy versions 2.2.9-2 and 2.6.12-1 a medium severity vulnerability CVE-2024-53008 was detected. This vulnerability allows attackers to bypass ACL (Access Control List) restrictions, potentially accessing sensitive information. To address this issue, users must upgrade to 2.9.12-1 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53008.
Read more Application Development
In Keycloak versions up to 26.0.2 a medium severity vulnerability CVE-2024-10451 was detected. This vulnerability allows attackers to capture sensitive runtime values, such as passwords, which may be embedded in bytecode during the build process. To address this issue, users must upgrade to Keycloak versions 26.0.6 or 26.0.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10451.
Read more Security
In Keycloak versions prior to 24.0.9, prior to 26.0.6 and 25.0.0 and prior a medium severity vulnerability CVE-2024-9666 was detected. This vulnerability allows attackers to exploit improper handling of proxy headers, leading to costly DNS resolution operations and potential denial of service (DoS). To address this issue, users must upgrade to Keycloak versions 26.0.6 or 24.0.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9666.
Read more Security
In Mattermost versions 10.0.x up to and including 10.0.1, 10.1.x up to and including 10.1.1, 9.11.x up to and including 9.11.3, 9.5.x up to and including 9.5.11 a high severity vulnerability CVE-2024-11599 was detected. This vulnerability allows unauthenticated users to bypass email domain restrictions during registration via crafted email input. To address this issue, users must upgrade to Mattermost versions 10.2.0, 10.0.2, 10.1.2, 9.11.4, 9.5.12 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11599.
Read more Communication
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14 a critical severity vulnerability CVE-2024-8932 was detected. This vulnerability allows attackers to cause an integer overflow through uncontrolled long string inputs to the ldap_escape() function on 32-bit systems, leading to an out-of-bounds write. To address this issue, users must upgrade to PHP versions 8.1.31, 8.2.26 or 8.3.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8932.
Read more Web Development