In Mautic versions 1.0.0-beta4 to 4.4.11 and 5.0.0-alpha to 5.0.3 a medium severity vulnerability CVE-2022-25777 was detected. This vulnerability allows attackers to read system files and access internal addresses via a Server-Side Request Forgery (SSRF) flaw. To fix this issue, users must upgrade to version 4.4.12 or 5.0.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-25777.
In Couchbase versions 7.6.x prior to 7.6.2, 7.2.x prior to 7.2.6 a medium severity vulnerability CVE-2024-25673 was detected. This vulnerability allows attackers to perform HTTP Host header injection, potentially leading to redirecting requests to malicious sites or influencing server-side logic based on manipulated host headers. Such attacks could compromise the integrity and security of the server. To fix this issue, users should upgrade Couchbase to versions 7.6.2, 7.2.6, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-25673.
In Keycloak versions before version 24.0.8 a medium severity vulnerability CVE-2024-8883 was detected. This vulnerability allows attackers to redirect users to fake websites, potentially stealing sensitive information like login details and taking over user accounts. To fix this issue, users should upgrade Keycloak to version 25.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8883.
In Keycloak versions before version 24.0.0 a critical severity vulnerability CVE-2024-8698 was detected. This vulnerability allows attackers to trick the system into accepting fake SAML messages, which could lead to unauthorized access or impersonation of users. To fix this issue, users should upgrade Keycloak to version 24.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8698.
In Traefik versions prior to 2.11.9 and 3.1.3 a critical severity vulnerability CVE-2024-45410 was detected. This vulnerability allows attackers to remove or modify certain HTTP headers, such as X-Forwarded-Host or X-Forwarded-Port, before requests are routed to the application. This manipulation can lead to security implications, as the application may trust these header values. To address this issue, users are advised to upgrade to versions 2.11.9 or 3.1.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45410.
In versions 2.5.303 of Wiki.js a medium severity vulnerability CVE-2024-45298 was detected. This vulnerability allows attackers to bypass account disabling by requesting a password reset. To fix this issue, all users are advised to upgrade to version 2.5.304, as there are no known workarounds for this vulnerability. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45298.
In Mattermost Desktop App versions 5.8.0 and earlier a medium severity vulnerability CVE-2024-45835 was detected. This vulnerability allows attackers to gather Chromium cookies or exploit other misconfigurations through remote or local access due to insufficient configuration of Electron Fuses. To fix this issue, it is recommended to update to versions later than 5.8.0 for the Desktop App and versions earlier than 5.9.0 for the Mattermost Server. For more details, visit https://avd.aquasec.com/nvd/cve-2024-45835.
In Next.js versions 13.5.1 to 14.2.9 a high severity vulnerability was detected. This vulnerability allows attackers to poison the cache of non-dynamic server-side rendered routes in the pages router (not affecting the app router) by sending a crafted HTTP request. To fix this issue, it is recommended to upgrade Next.js to versions 13.5.7, 14.2.10, or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-46982.
In Nextcloud Desktop Client versions 3.13.1 through 3.13.3 on Linux a critical severity vulnerability CVE-2024-46958 was detected. This vulnerability allows synchronized files between the server and client to become world writable or world readable. To address this issue, updating to version 3.13.4 is recommended. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-46958.