In GitLab CE/EE versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2 a mediium severity vulnerability CVE-2024-1963 was detected. This vulnerability in GitLab’s Asana integration enables an attacker to exploit a regular expression denial of service through carefully constructed requests. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1963.
Read more Developer Tools
In Moodle CMS version 3.10 a low severity vulnerability CVE-2024-37674 was detected. This vulnerability allows a remote attacker to run any code they want through the name parameter when creating a new activity. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37674/.
Read more Educational
In Strapi version 4.24.4 a low severity vulnerability CVE-2024-37818 was detected. This vulnerability allows attackers to access sensitive information or scan for open ports using a crafted GET request. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37818/.
Read more Application Development
In FreeIPA a high severity vulnerability CVE-2024-2698 was detected. This vulnerability allows attackers to get access by bypassing the authorization. There is not solution to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-2698/.
Read more Security
In Kibana versions prior to 7.17.22 and prior to 8.14.0 a medium severity vulnerability CVE-2024-23443 was detected. This vulnerability allows attackers to upload a maliciously crafted osquery pack. To address this issue, users should upgrade Kibana to version 7.17.22, 8.14.0 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23443/.
Read more Data Analytics
In Kibana versions prior to 7.17.22 and from 8.0.0 prior to 8.14.0 a medium severity vulnerability CVE-2024-23442 was detected. This issue allows malicious URLs to redirect users to fake websites, making phishing attacks easier. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23442/.
Read more Data Analytics
In Mattermost all versions through 5.7.0 a medium severity vulnerability CVE-2024-37182 was detected. This flaw allows attackers to open external links without permission, potentially forcing your computer to run harmful programs. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37182/.
Read more Communication
In Ghost all versions through 5.85.1 a low severity vulnerability CVE-2024-34451 was detected. This flaw lets hackers bypass login attempt limits using multiple fake headers, but it can be avoided by setting up a reverse proxy to only accept trusted headers. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34451/.
Read more CMS
In Keycloak a low severity vulnerability CVE-2024-5967 was detected. This flaw in the LDAP testing endpoint of Keycloak allows an attacker with admin access to change the LDAP connection URL to their server, potentially exposing domain credentials. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5967/.
Read more Security