In GitLab versions 17.1 to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, a medium severity vulnerability, CVE-2024-6446, was detected. This vulnerability allows attackers to create a fake link that could trick someone into trusting a harmful app controlled by the attacker. To fix this issue, users should upgrade GitLab to versions 17.2.5, 17.3.2, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6446.
In GitLab CE/EE versions from 15.10 before 17.1.7, from 17.2 before 17.2.5, and from 17.3 before 17.3.2, a medium severity vulnerability, CVE-2024-5435, was detected. This vulnerability in GitLab EE/CE could expose user passwords from repository mirror configurations. To fix this problem, users should upgrade to version 17.3.2, 17.2.5, or 17.1.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5435.
In GitLab EE versions 11.2 to 17.1.6, 17.2 to 17.2.4, and 17.3 to 17.3.1, a high severity vulnerability, CVE-2024-4660, was detected. This vulnerability allows attackers with guest access to read the source code of private projects using group templates. To fix this issue, users should upgrade GitLab EE to version 17.1.7, 17.2.5, or 17.3.2, depending on the version currently in use. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-4660.
In GitLab EE versions 12.9 to 17.1.6, 17.2 to 17.2.4, and 17.3 to 17.3.1, a medium severity vulnerability, CVE-2024-4612, was detected. This vulnerability allows attackers to perform an open redirect, which could potentially lead to an account takeover by disrupting the OAuth flow. To fix this issue, users must upgrade to versions 17.1.7, 17.2.5, or 17.3.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-4612.
In GitLab CE/EE versions 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2, a medium severity vulnerability, CVE-2024-6389, was detected. This vulnerability allows attackers with guest user access to view commit information through the release Atom endpoint, bypassing proper permission checks. To address this issue, it is recommended to update to versions 17.1.7, 17.2.5, or 17.3.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6389.
In Mattermost Desktop App versions up to and including 5.8.0, a medium severity vulnerability, CVE-2024-39613, was found. This issue allows local attackers to run remote code by placing a malicious cmd.exe file in the Downloads folder on a user's machine. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39613.
In GitLab EE versions from 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2, a medium severity vulnerability, CVE-2024-8311, was detected. This vulnerability allows authenticated users to bypass variable overwrite protection in GitLab EE pipelines using a CI/CD template. To fix this problem, users should upgrade to version 17.2.5, 17.3.2, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8311.
In GitLab CE/EE versions 16.4 to 17.3.2, a high severity vulnerability, CVE-2024-8124, was detected. This vulnerability in GitLab CE/EE could cause a Denial of Service through a specific POST request. To fix this problem, users should upgrade to version 17.3.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8124.
In GitLab CE/EE versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, a low severity vulnerability, CVE-2024-6685, was detected. This vulnerability allows unauthorized attackers to gain access to sensitive group runner information. To fix this problem, users should upgrade GitLab to version 17.1.7, 17.2.5, 17.3.2, or later. For additional details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6685.