Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 are affected by CVE-2024-39361, a medium severity vulnerability. The server does not verify that a post's RemoteId and post ID are not user-defined, so an attacker can create posts with IDs of their own choosing, which can disrupt channel or thread functionality. No fixed version is listed yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39361. Category: Communication.

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 are affected by CVE-2024-36257, a medium severity vulnerability. One server can change the profile pictures of users that belong to another server, even when the two servers are not directly connected. No fixed version is listed yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36257. Category: Communication.

Mastodon versions from 2.6.0 before 4.1.18, and the 4.2 series before 4.2.10, are affected by CVE-2024-37903, a high severity vulnerability. It allows an attacker to reach data that was not intended for them. To fix this issue, update Mastodon to 4.1.18 or 4.2.10. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37903/. Category: Communication.

Apache Tomcat versions 11.0.0-M1 through 11.0.0-M20, 10.1.0-M1 through 10.1.24 and 9.0.0-M1 through 9.0.89 are affected by CVE-2024-34750, a high severity vulnerability. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscount of active HTTP/2 streams, which in turn applied an incorrect infinite timeout and kept connections open that should have been closed. An attacker can use this to exhaust server resources and deny service to everyone using the site or service running on that server. To fix this problem, upgrade Apache Tomcat to 11.0.0-M21, 10.1.25 or 9.0.90. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34750. Category: Application Development.

Apache HTTP Server version 2.4.60 is affected by CVE-2024-39884, a high severity vulnerability. A regression in the core ignores some legacy content-type based handler configuration (AddType and similar directives), so in some circumstances where files are requested indirectly the server returns local source code instead of running it; for example, PHP scripts may be served as plain text rather than interpreted. Exposed source can contain credentials and other sensitive details that lead to further compromise. To fix this problem, upgrade Apache HTTP Server to version 2.4.61. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39884. Category: Application Development.
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 are affected by CVE-2024-39830, a medium severity vulnerability. When shared channels are enabled, remote cluster tokens are compared with a variable-time comparison, which lets an attacker recover a token through a timing attack and so exposes security-relevant information to an unauthorized actor. No fixed version is listed yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39830. Category: Communication.
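The timing attack behind the CVE-2024-39830 entry above, as an added example that is not Mattermost's code: a naive byte-by-byte token check returns at the first mismatch, so the time it takes reveals how many leading bytes of a guess were right, and an attacker can recover the token one position at a time. The hardened form uses crypto/subtle. Everything here is assumed for illustration: the token "7f3a9c1e", the hex alphabet, and the "work" counter, which stands in for the latency a remote attacker would measure over many samples.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// variableTimeEqual is the vulnerable pattern: it stops at the first byte
// that differs, so its running time grows with the length of the correct
// prefix of the guess. The second return value counts the bytes examined and
// stands in for the latency a remote attacker would measure.
func variableTimeEqual(secret, guess []byte) (bool, int) {
	if len(secret) != len(guess) {
		return false, 0
	}
	for i := range secret {
		if secret[i] != guess[i] {
			return false, i + 1
		}
	}
	return true, len(secret)
}

// constantTimeEqual is the hardened form. crypto/subtle examines every byte
// whatever the position of the first mismatch, so the work (and the timing)
// is the same for every wrong guess of the right length.
func constantTimeEqual(secret, guess []byte) (bool, int) {
	return subtle.ConstantTimeCompare(secret, guess) == 1, len(secret)
}

// oracle models the remote side: it accepts or rejects a token and, as a
// side channel, reveals how much work the comparison did.
type oracle func(guess []byte) (accepted bool, work int)

// recoverToken attacks an oracle of known token length and alphabet one
// position at a time, keeping the candidate byte whose check did the most
// work. Against a variable-time comparison the correct byte costs one extra
// step; against a constant-time one every candidate ties and the attacker
// learns nothing.
func recoverToken(check oracle, length int, alphabet []byte) ([]byte, bool) {
	guess := make([]byte, length)
	for pos := 0; pos < length; pos++ {
		bestByte, bestWork := alphabet[0], -1
		for _, c := range alphabet {
			guess[pos] = c
			accepted, work := check(guess)
			if accepted {
				return guess, true
			}
			if work > bestWork {
				bestByte, bestWork = c, work
			}
		}
		guess[pos] = bestByte
	}
	accepted, _ := check(guess)
	return guess, accepted
}

func main() {
	// Constructed sample token (assumption); a real remote-cluster token is
	// longer, which only makes the byte-at-a-time attack cheaper relative to
	// brute force over the whole token.
	secret := []byte("7f3a9c1e")
	alphabet := []byte("0123456789abcdef")

	leaky := func(g []byte) (bool, int) { return variableTimeEqual(secret, g) }
	got, ok := recoverToken(leaky, len(secret), alphabet)
	fmt.Printf("variable-time compare: recovered %q accepted=%v\n", got, ok)

	safe := func(g []byte) (bool, int) { return constantTimeEqual(secret, g) }
	got, ok = recoverToken(safe, len(secret), alphabet)
	fmt.Printf("constant-time compare: recovered %q accepted=%v\n", got, ok)
}
```

With the leaky oracle the attack recovers the full token in at most 16 guesses per position instead of 16^8 overall; with the constant-time oracle every candidate does the same work, the attacker is left with the first letter of the alphabet at each position, and the final guess is rejected. Over a real network the single "work" number becomes a noisy latency distribution, so an attacker needs many samples per candidate, but the leak is the same. The fix is to compare secrets only with subtle.ConstantTimeCompare (or to compare fixed-length hashes of them), never with == or bytes.Equal.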
Mattermost versions 9.5.5 and 9.8.0 are affected by CVE-2024-39807, a medium severity vulnerability that allows an attacker to obtain sensitive data. No fixed version is listed yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39807. Category: Communication.

Apache HTTP Server 2.4.59 and earlier are affected by CVE-2024-39573, a high severity vulnerability. It is a potential server-side request forgery in mod_rewrite: an unsafe RewriteRule can be made to unexpectedly set up URLs that are handled by mod_proxy, so requests are forwarded to destinations the attacker chooses. To address this issue, upgrade to version 2.4.60. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39573. Category: Application Development.

Discourse version 3.2.3 is affected by CVE-2024-35234, a medium severity vulnerability. It allows an attacker to run scripts in other users' browsers (cross-site scripting). No fixed version is listed yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-35234/. Category: Communication.