In Mattermost versions up to 9.5.x <= 9.5.8 a low severity vulnerability CVE-2024-47145 was detected. This vulnerability allows attackers to view posts and files from archived channels via file links, even when access to archived channels is disabled. To fix this problem, users should upgrade to version 9.11.0 and 9.5.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47145.
Read more Communication
In Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 a low severity vulnerability CVE-2024-47003 was detected. This vulnerability allows attackers to crash the frontend by sending a non-string value as the message in a permalink post. To fix this problem, users should upgrade to version 10.0.0, 9.11.1, 9.5.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47003.
Read more Communication
In Rocket.Chat versions 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8 and earlier a medium severity vulnerability CVE-2024-46934 was detected. This vulnerability allows attackers to inject XSS payloads by exploiting the UpdateOTRAck method in Rocket.Chat. To fix this problem, users should upgrade to version 6.13.0, 6.12.1, and backported to 6.11.3, 6.10.6, 6.9.7, 6.8.7, and 6.7.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-46934.
Read more Communication
In WordPress versions up to and including 1.3.3.3 a critical severity vulnerability CVE-2024-8624 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to perform SQL Injection via the ‘meta_key’ attribute in the MDTF plugin for WordPress, potentially exposing sensitive database information. To fix this problem, users should upgrade to version 1.3.3.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8624.
Read more CMS
In Maven Archetype Plugin versions from 3.2.1 before 3.3.0 a medium severity vulnerability CVE-2024-47197 was detected. This vulnerability allows attackers to gain access to sensitive information, including user credentials, stored insecurely in the archetype-settings.xml file. To fix this issue, users must upgrade to version 3.3.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-47197.
Read more Developer Tools
In Authentik versions prior to 2024.8.3 and 2024.6.5 a medium severity vulnerability CVE-2024-47070 was detected. This vulnerability allows attackers to bypass the password login and access any account if they can provide an invalid IP address in the X-Forwarded-For header, but only if the system trusts that header. To fix this issue, users should upgrade Authentik to versions 2024.8.3 or 2024.6.5. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-47070.
In GitLab versions starting from 16.0 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 a medium severity vulnerability CVE-2024-4099 was detected. This vulnerability allows attackers to exploit an AI feature in GitLab to inject malicious content, potentially compromising the integrity of the system. To fix this issue, users should upgrade GitLab to versions 17.2.8, 17.3.4, or 17.4.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-4099.
Read more Developer Tools
In Grafana versions 8.5.0 up to 11.2.0 a medium severity vulnerability CVE-2024-8118 was detected. This vulnerability allows attackers with permission to write external alert instances to also write alert rules. To fix this issue, users must upgrade to versions 10.3.10, 10.4.9, 11.0.5, 11.1.6, or 11.2.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8118.
Read more Data Analytics
In Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, and 9.5.x <= 9.5.8 a medium severity vulnerability CVE-2024-9155 was detected. This vulnerability allows attackers to view channel files that have not been linked to a post in channels they are a member of. Currently there is no patch version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-9155.
Read more Communication