In OpenStack versions 16.1, 16.2 and 17.1, a high-severity vulnerability, CVE-2024-8007, was detected. The vulnerability allows an attacker to deploy potentially compromised container images because TLS certificate verification is disabled for registry mirrors, which could enable a man-in-the-middle (MITM) attack. To fix this issue, users must upgrade OpenStack to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8007/. Category: Cloud Computing.

In MongoDB Server versions 5.0 prior to 5.0.14 and 6.0 prior to 6.0.3, a medium-severity vulnerability, CVE-2024-8207, was detected. The vulnerability allows attackers with access to the server to take control of the MongoDB process by loading malicious files when it starts. To fix this problem, users should upgrade MongoDB Server to version 6.1.1, 5.0.14 or 6.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8207. Category: Database.

In Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2, a medium-severity vulnerability, CVE-2024-8071, was detected. The vulnerability allows attackers with certain permissions to elevate their privileges to system administrator, giving them full control over the Mattermost system. To fix this issue, users should upgrade Mattermost to version 9.11.0, 9.9.2, 9.5.8, 9.10.1 or 9.8.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8071. Category: Communication.

In Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2, a medium-severity vulnerability, CVE-2024-32939, was detected. When shared channels are enabled, remote users' original email addresses stored in user properties are not redacted, even when email visibility is configured to be hidden on the local server. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-32939. Category: Communication.

In Joomla versions 3.0.0-3.10.16-elts, 4.0.0-4.4.6 and 5.0.0-5.1.2, a low-severity vulnerability, CVE-2024-40743, was detected. The stripImages and stripIframes methods did not handle inputs correctly, allowing XSS attacks. To fix this problem, users should upgrade to version 3.10.17-elts, 4.4.7 or 5.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-40743. Category: CMS.

In Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0, a medium-severity vulnerability, CVE-2024-43813, was detected. The system lacks proper access controls, letting any authenticated user, including guests, mark any channel in any team as read for any user. This can lead to unauthorized changes to user notifications and disrupt the user experience. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43813. Category: Communication.

In Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0 and 9.8.x <= 9.8.2, a medium-severity vulnerability, CVE-2024-43780, was detected. The vulnerability allows a guest user with read-only access to upload files to a channel. To fix this issue, users must upgrade Mattermost to version 9.5.8, 9.10.1, 9.9.2 or 9.8.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43780/. Category: Communication.

In Mattermost versions <= 1.0.0, a medium-severity vulnerability, CVE-2024-43105, was detected. The vulnerability allows a user to consume excessive resources by running the /export command multiple times at once. To fix this issue, users must upgrade Mattermost to version 1.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43105.

In OpenSearch versions 2.16.0, 1.3.19 and earlier, a medium-severity vulnerability, CVE-2024-43794, was detected. The Dashboards Security Plugin adds a user interface for managing security features. Improper validation of the nextUrl parameter may cause an external redirect during login if certain parameters are manipulated. To fix this problem, users should upgrade to version 1.3.19 or 2.16.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43794. Category: Data Analytics.