In GitLab versions from 16.3 through 16.11.5, from 17.0 through 17.0.3, and from 17.1 through 17.1.1 a medium severity vulnerability CVE-2024-2177 was detected. This vulnerability allows attackers to trick the login system by using a specially designed message. To fix this problem, users should upgrade GitLab to one of the following versions: 16.11.5, 17.0.3, or 17.1.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-2177.
Read more Developer Tools
In the OpenSearch observability plugins a medium severity vulnerability CVE-2024-39901 was detected. This vulnerability lets unauthorized users access private tenant resources, like notebooks. The system didn’t check if the user was the resource author, potentially exposing sensitive data. This issue has been fixed in OpenSearch version 2.14. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39901.
Read more Data Analytics
In Mattermost versions from 9.5.5 to 9.8.0 a medium severity vulnerability CVE-2024-6428 was detected. This vulnerability allows attackers to create users and steal the data. There is no solution to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6428/.
Read more Communication
In OpenVPN versions 2.6.10 a high severity vulnerability CVE-2024-28882 was detected. This vulnerability allows attackers, who already have access, to mess up the server’s ability to close connections. To fix this problem, users should upgrade OpenVPN to version 2.6.11. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-28882.
In OpenVPN version 2.6.9 a high severity vulnerability CVE-2024-27459 was detected. This vulnerability allows attackers to gain higher system privileges by sending oversized messages, which can cause the service to malfunction and grant unauthorized access. To fix this problem, users should upgrade OpenVPN to version 2.6.10. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27459.
Read more Security
In OpenVPN version 2.6.9 a high severity vulnerability CVE-2024-24974 was detected. This vulnerability allows attackers to connect to and interact with this service, potentially gaining unauthorized access to the OpenVPN service. To fix this problem, users should upgrade OpenVPN to version 2.6.10. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-24974.
Read more Security
In OpenVPN versions 2.6.9 and earlier a high severity vulnerability CVE-2024-27903 was detected. The plug-ins on Windows can be loaded from any directory, which allows an attacker to load an arbitrary plug-in, enabling interaction with the privileged OpenVPN interactive service. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27903.
Read more Security
In Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 a medium severity vulnerability CVE-2024-36257 was detected. The security issue is observed: one server can change the profile pictures of users on another server, even though they’re not connected directly. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36257.
Read more Communication
In Mastodon versions from 2.6.0 to 4.1.18 a high severity vulnerability CVE-2024-37903 was detected. This vulnerability allows attackers access to sensitive data. To fix this issue, users should update Mastodon to versions 4.2.10. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37903/.
Read more Communication