In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, a medium severity vulnerability CVE-2024-8929 was detected. This vulnerability allows attackers to exploit a malicious MySQL server to force the PHP client to reveal sensitive data from its memory, including information from other users. To address this issue, users must upgrade to PHP versions 8.1.31 or later, 8.2.26, or 8.3.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8929.
In Keycloak versions up to 26.0.6, a low severity vulnerability CVE-2024-10492 was detected. This vulnerability allows attackers with high privileges to confirm the existence of sensitive Vault files by creating resources like an LDAP provider configuration and a Vault read file. To address this issue, users must upgrade to Keycloak versions 26.0.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10492.
In GitLab CE/EE versions from 8.12 before 17.4.5, 17.5 before 17.5.3 and 17.6 before 17.6.1, a high severity vulnerability CVE-2024-8114 was detected. This vulnerability allows an attacker with access to a victim’s Personal Access Token (PAT) to escalate privileges. To address this issue, users must upgrade to GitLab CE/EE versions 17.4.5, 17.5.3, or 17.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8114.
In GitLab CE/EE versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, and starting from 17.6 prior to 17.6.1, a medium severity vulnerability CVE-2024-8177 was detected. This vulnerability allows attackers to cause a Denial of Service by integrating a malicious Harbor registry. To address this issue, users must upgrade to GitLab CE/EE versions 17.4.5, 17.5.3, or 17.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8177.
In Keycloak versions up to 26.0.6, a high severity vulnerability CVE-2024-10270 was detected. This vulnerability allows attackers to trigger a denial of service (DoS) by exhausting system resources due to Regex complexity if untrusted data is passed to the SearchQueryUtils method. To address this issue, users must upgrade to Keycloak versions 26.0.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10270.
In GitLab EE versions starting from 17.3 before 17.3.7, starting from 17.4 before 17.4.4 and starting from 17.5 before 17.5.2, a medium severity vulnerability CVE-2024-10240 was detected. This vulnerability allows unauthenticated users to access details about merge requests (MR) in a private project under specific conditions. To fix this issue, users are advised to upgrade GitLab EE to versions 17.6.1, 17.5.3, or 17.4.5. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-10240.
In GitLab CE/EE versions 16.11 prior to 17.4.5, 17.5 prior to 17.5.3, 17.6 prior to 17.6.1, a medium severity vulnerability CVE-2024-11668 was detected. This vulnerability allows attackers to bypass authentication and access sensitive data through long-lasting connections. To fix this issue, users should upgrade GitLab CE/EE to versions 17.4.5, 17.5.3 or 17.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11668.
In GitLab CE/EE versions 16.9.8 prior to 17.4.5, 17.5 prior to 17.5.3, 17.6 prior to 17.6.1, a medium severity vulnerability CVE-2024-11669 was detected. This vulnerability allows attackers to access sensitive data without proper authorization by exploiting certain security weaknesses in GitLab’s API. To fix this issue, users should upgrade GitLab CE/EE to versions 17.4.5, 17.5.3, or 17.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11669.
In GitLab CE/EE versions 13.2.4 prior to 17.4.5, 17.5 prior to 17.5.3, 17.6 prior to 17.6.1, a medium severity vulnerability CVE-2024-11828 was detected. This vulnerability allows attackers to create a denial of service (DoS) condition by sending crafted API calls. To fix this issue, users should upgrade GitLab CE/EE to versions 17.4.5, 17.5.3 or 17.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11828.