In Mattermost versions from 9.11.x prior to 9.11.1 and from 9.5.x prior to 9.5.9 a low severity vulnerability CVE-2024-10214 was detected. This vulnerability allows attackers to create two active sessions, increasing the chance of unauthorized access. To fix this issue, users should update Mattermost to versions 9.11.2, 9.5.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10214.
In Django versions 5.1.1, 5.0.9, and 4.2.16 a medium severity vulnerability CVE-2024-45231 was detected. This issue allows attackers to find out which email addresses are registered by sending password reset requests and checking the response; this only happens if the email system fails to send messages. Currently, there is no fix for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45231.
In Django versions 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16 a high severity issue CVE-2024-45230 was detected. Attackers can use large inputs with specific characters to cause a denial-of-service attack through the `urlize()` and `urlizetrunc()` filters. To fix this issue, users are advised to upgrade to versions 5.1.1, 5.0.9, or 4.2.16. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45230.
In Grafana version 10.4.0 a low severity vulnerability CVE-2024-10452 was detected. This vulnerability allows organization admins to delete pending invites created in an organization they are not part of. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10452.
In Mattermost versions 9.10.0 to 9.10.2, 9.11.0 to 9.11.1, and 9.5.0 to 9.5.9 a medium severity vulnerability CVE-2024-50052 was found. This issue allows authenticated users to delete any post because the system fails to verify the message's origin. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-50052.
In Mattermost versions 9.10.x ≤ 9.10.2, 9.11.x ≤ 9.11.1, and 9.5.x ≤ 9.5.9 a medium severity vulnerability CVE-2024-47401 was detected. By sending a specially crafted request to Playbooks, an attacker can trigger an amplified GraphQL response large enough to crash the application. To fix this issue, users should upgrade Mattermost to versions 8.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47401.
In Mattermost versions 9.10.x ≤ 9.10.2, 9.11.x ≤ 9.11.1, and 9.5.x ≤ 9.5.9 a medium severity vulnerability CVE-2024-46872 was found. This vulnerability lets attackers bypass security by manipulating user inputs, leading to CSRF attacks in Playbooks. To fix this issue, users are advised to upgrade to version 8.0.0 or above, specifically the version released after 2024-09-26. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-46872.
In Mattermost versions 9.5.x up to 9.5.9 a medium severity vulnerability CVE-2024-10241 was detected. This vulnerability allows attackers to see the names of private channels they shouldn't have access to using the cmd+K or ctrl+K shortcut. To fix this issue, users should update Mattermost to version 9.5.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10241.
In Umbraco CMS versions from 14.0.0 to before 14.3.0 a medium severity vulnerability CVE-2024-48925 was detected. This vulnerability allows low-privilege users to access the webhook API and retrieve information restricted to users with access to the settings section. To address this issue, upgrade to version 14.3.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-48925.