In the OpenShift console version 3.1 a medium severity vulnerability CVE-2024-7128 was detected. This vulnerability allows some parts of the app to skip proper user authentication when using the default “openShiftAuth” provider. This can lead to data exposure because the necessary checks are not performed. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7128.
Read more Developer Tools
In GitLab CE/EE versions 15.4 prior to 17.0.5, 17.1 prior to 17.1.3 and 17.2 prior to 17.2.1 a low severity vulnerability CVE-2024-7060 was detected. This vulnerability allows attackers to access sensitive information by viewing project or group exports without authorization. To fix this problem, users should upgrade GitLab CE/EE to versions 17.0.5, 17.1.3, or 17.2.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7060.
Read more Developer Tools
In Couchbase Server versions before 7.2.5 and 7.6.0 before 7.6.1 a low severity vulnerability CVE-2024-37034 was detected. This vulnerability allows attackers to intercept and potentially steal sensitive information because the credentials are not properly secured. To fix this problem, users should upgrade Couchbase Server to versions 7.2.5 and 7.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37034.
Read more Database
In OpenShift versions 4.12.0 prior to 4.12.12, 4.13.0 prior to 4.13.5 and 4.14.0 prior to 4.14.0 a medium severity vulnerability CVE-2024-7128 was detected. This allows attackers to access and potentially steal data because the system is not properly checking user credentials. To fix this problem, users should upgrade to OpenShift versions 4.12.13, 4.13.6, and 4.14.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7128.
Read more Developer Tools
In OpenProject versions before 14.3.0 a medium severity vulnerability CVE-2024-41801 was detected. This vulnerability allows attackers to redirect users with a fake HOST header, affecting default installations. Upgrade to version 14.3.0 to fix this by rejecting invalid hostnames. If upgrading isn’t possible, use mod_security for Apache, adjust Host and X-Forwarded-Host headers manually, or apply a patch for older versions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41801.
Read more Project Management
In the Openshift console a medium severity vulnerability CVE-2024-7079 was detected. The /API/helm/verify endpoint is not secured properly. As a result, unauthenticated users are able to access this endpoint, potentially leading to security risks. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7079.
Read more Developer Tools
In OpenProject versions prior to 14.3.0 a medium severity vulnerability CVE-2024-41801 was detected. This vulnerability allows attackers to redirect users to fake sites to steal their credentials. To fix this problem, users should upgrade OpenProject to version 14.3.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41801.
Read more Project Management
In OpenShift version 3.11 a high severity vulnerability CVE-2024-7079 was detected. This vulnerability allows attackers to access the system without logging in, which could expose sensitive information. To fix this problem, users should upgrade OpenShift to version 4.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7079.
Read more Developer Tools
In Setuptools is a widely-used Python library for packaging, distributing, and installing Python projects a high severity vulnerability CVE-2024-6345 was detected. A vulnerability in the `package_index` module of pypa/setuptools (up to version 69.1.1) allows remote code execution through its download functions, which are susceptible to code injection with user-controlled inputs like package URLs. To address this issue users should upgrade to version 70.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6345.
Read more Application Development