In Mautic versions below 1.0.0 and 5.0.0, a low-severity vulnerability, CVE-2024-47058, was detected. This vulnerability allows attackers with access to edit a Mautic form to insert Cross-Site Scripting (XSS) into the HTML field, potentially enabling the theft of sensitive information from the user’s current session. To fix this issue, users must upgrade to version 4.4.13 or 5.1.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-47058.
In Mautic versions below 2.6.0 and 5.0.0, a medium-severity vulnerability, CVE-2024-47050, was detected. This vulnerability allows attackers to exploit Cross-Site Scripting (XSS) through the Page URL variable. To fix this issue, users must upgrade to version 4.4.13 or 5.1.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-47050.
In GitLab versions starting from 13.3 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, a medium-severity vulnerability, CVE-2024-2743, was detected. This vulnerability allows attackers to modify on-demand DAST scans without authorization, potentially leading to the leakage of sensitive variables and compromising the security of the system. To fix this issue, users should upgrade GitLab to version 17.1.7, 17.2.5, 17.3.2, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-2743.
In Mattermost Desktop App versions 5.8.0 and earlier, a medium-severity vulnerability, CVE-2024-39772, was detected. This vulnerability allows attackers to silently capture high-quality screenshots via JavaScript APIs due to a failure to safeguard screen capture functionality. To fix this issue, users must upgrade to version 5.9.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39772.
In Mattermost Desktop App versions 5.8.0 and earlier, a medium-severity vulnerability, CVE-2024-39613, was detected. This vulnerability allows a local attacker to exploit the failure to specify an absolute path when searching for cmd.exe, enabling them to place a malicious cmd.exe file in the user’s Downloads folder and execute remote code. To fix this issue, users must upgrade to version 5.9.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39613.
In Mattermost Mobile Apps versions up to 2.18.0, a medium-severity vulnerability, CVE-2024-45833, was detected. This issue allows attackers to access passwords saved in the dictionary if the SwiftKey keyboard is being used, the password includes a special character, and password masking is turned off. To fix this issue, users should upgrade Mattermost to version 2.19.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45833.
In Mattermost Desktop App versions up to 5.8.0, a medium-severity vulnerability, CVE-2024-39613, was detected. This vulnerability allows local attackers to execute remote code by placing a malicious cmd.exe file in the Downloads folder on a user’s machine. To fix this issue, users should upgrade Mattermost to version 5.9.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39613.
In GitLab versions starting from 16.5 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, a medium-severity vulnerability, CVE-2024-4472, was detected. This vulnerability allows attackers to potentially access and view dependency proxy credentials by examining GraphQL logs, which could lead to unauthorized access to internal resources or further exploitation of the system. To fix this issue, users should upgrade GitLab to version 17.1.7, 17.2.5, 17.3.2, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-4472.
In GitLab versions starting from 11.1 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, a high-severity vulnerability, CVE-2024-4283, was detected. This vulnerability allows attackers to bypass the OAuth authorization process and gain access to user accounts. To fix this issue, users should upgrade GitLab to version 17.1.7, 17.2.5, 17.3.2, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-4283.