In GitLab versions 16.11 to 17.1.1 a high severity vulnerability CVE-2024-6323 was detected. This vulnerability allows attackers to leak the content of a private repository in a public project. There is no fix to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6323/.
Read more Developer Tools
In GitLab CE/EE versions from 15.8 onwards a critical security vulnerability CVE-2024-5655 was detected. Attackers can trigger a pipeline as another user under certain circumstances. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5655.
Read more Developer Tools
In GitLab CE/EE, all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, a medium severity vulnerability CVE-2024-5430 was detected. This issue allows a project maintainer to delete the merge request approval policy via GraphQL. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5430.
Read more Developer Tools
In Spring Cloud Data Flow a high severity vulnerability CVE-2024-22263 was detected. This flaw in the Skipper server allows hackers to upload harmful files, which can compromise the server. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-22263/.
Read more Application Development
In Airflow version 2.9.1 a low severity vulnerability CVE-2024-25142 was detected. This vulnerability allows attackers to get access to sensitive data. To address this issue, users must update version 2.9.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-25142/.
Read more Data Analytics
In Elasticsearch version 8.14.0 a medium severity vulnerability CVE-2024-23445 was detected. This vulnerability allows attackers to get access to sensitive data. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23445/.
Read more Data Analytics
In OpenShift Container Platform 3.11, which uses CRI-O to manage containers, a high severity vulnerability CVE-2024-5154 was detected. Attackers can gain access to sensitive information which should not be accessible from the container. This could include configuration files, security keys, and other confidential data. To fix this problem, users should upgrade OpenShift Container Platform to version 4.15.17. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5154.
Read more Developer Tools
In Harbor versions 2.8.x before 2.8.4, 2.9.x before 2.9.2, and 2.10.x before 2.10.0, a medium severity vulnerability CVE-2024-22244 was detected. This vulnerability allows attackers to redirect users to malicious websites. To fix this problem, users should upgrade Harbor to versions 2.8.5, 2.9.3, or 2.10.1. For more details, visit Aqua Security’s advisory.
Read more Developer Tools
In SonarQube versions before 10.4 and 9.9.4 LTA (Long-Term Support) a medium severity vulnerability CVE-2024-38460 was detected. This vulnerability allows attackers to exploit encrypted values exposed in plaintext within URL parameters found in logs such as SonarQube Access Logs and Proxy Logs. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38460.
Read more Developer Tools