In Gitlab versions 17.0 to 17.1.2 a low severity vulnerability CVE-2024-5470 was detected. This vulnerability allows attackers to create project-level deploy tokens as guest users. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5470/.
Read more Developer Tools
In GitLab CE/EE versions 17.0 to 17.0.3 and 17.1 to 17.1.1 a medium severity vulnerability CVE-2024-5257 was detected. A developer with the admin_compliance_framework role could change the URL for a group namespace. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5257.
In GitLab CE/EE, all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 a low severity vulnerability CVE-2024-2880 was detected. This vulnerability allows a user with admin_group_member custom role permission to ban group members. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-2880/.
In OpenSSH’s server (sshd) a high severity vulnerability CVE-2024-6387 was detected. There is a timing problem that can cause sshd to handle some signals unsafely. An unauthenticated, remote attacker could exploit this by failing to log in within a certain time frame. To address this issue, users should upgrade OpenSSH’s to version 9.8p1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6387.
Read more Developer Stacks
In Mattermost Mobile Apps versions 2.16.0 and earlier a medium severity vulnerability CVE-2024-32945 was detected. This vulnerability allows attackers to gain unauthorized access to sensitive data by exploiting a vulnerability in the system. To fix this problem, users should upgrade Mattermost Mobile Apps to version 2.17.0 and higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-32945.
Read more Communication
In Vault and Vault Enterprise versions prior to 1.17.1 and 1.16.5 a medium severity vulnerability CVE-2024-6468 was detected. This vulnerability allows attackers to avoid security barriers and gain access to protected user information. To fix this problem, users should upgrade Vault and Vault Enterprise to versions 1.17.2, 1.16.6, and 1.15.12. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6468.
Read more Security
In NetworkManager for Red Hat OpenShift Container Platform 4 a low severity vulnerability CVE-2024-6501 was detected. If a system has DEBUG logs on and an interface called eth1 with LLDP enabled, a hacker could send a bad LLDP packet, causing NetworkManager to crash and resulting in a denial of service. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6501/.
Read more Developer Tools
In Gitlab versions from 11.8 to 17.1.2 a low severity vulnerability CVE-2024-6595 was detected. This vulnerability allows attackers to upload an NPM package. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6595/.
Read more Developer Tools
In Mattermost versions before 2.16.0 a medium severity vulnerability CVE-2024-39767 was detected. This vulnerability allows attackers to send notifications from another server. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39767/.
Read more Communication