In GitLab versions from 13.2.4 to 17.0 a medium severity vulnerability, CVE-2024-1947, was detected. This vulnerability allows attackers to cause a denial of service (DoS). There is no solution to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1947/. (Category: Developer Tools)

In GitLab versions 13.2.4 to 17.0 a medium severity vulnerability, CVE-2024-5258, was detected. This vulnerability allows attackers to bypass authorization. There is no solution to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5258/. (Category: Developer Tools)

In all GitLab CE/EE versions starting from 11.11 prior to 16.10.6, from 16.11 prior to 16.11.3, and from 17.0 prior to 17.0.1 a medium severity vulnerability, CVE-2024-5318, was detected. This vulnerability allows a guest user to access dependency lists of private projects through job artifacts. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5318. (Category: Developer Tools)

In Keycloak a high severity vulnerability, CVE-2024-1132, was detected. URLs included in a redirect are not properly validated. Attackers can craft malicious requests to bypass validation and access other URLs and sensitive information. It affects clients using a wildcard in the Valid Redirect URIs field and requires user interaction. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1132/. (Category: Security)

In Zabbix versions 6.0.0 to 7.0.0alpha1 a critical vulnerability, CVE-2024-22120, was detected. This vulnerability allows command execution and SQL injection via "clientip". To address this issue, users should upgrade Zabbix to version 7.0.0 beta1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-22120/. (Category: Monitoring)

In Mattermost versions from 9.5.x before 9.5.3, from 9.7.x before 9.7.1 and from 8.1.x before 8.1.12 a medium severity vulnerability, CVE-2024-34029, was detected. The /api/v4/groups//channels//link endpoint has a permission issue. Users can see members of an AD/LDAP group linked to a team by adding the group to a channel, even if they should not have access. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34029. (Category: Communication)

In GitLab CE/EE versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1 a medium severity vulnerability, CVE-2023-6502, was detected. It is possible for a malicious user to cause a denial of service using a crafted wiki page. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-6502. (Category: Developer Tools)

In GitLab CE/EE versions from 13.11 before 16.10.6, from 16.11 before 16.11.3, and from 17.0 before 17.0.1 a medium severity vulnerability, CVE-2023-7045, was detected. An attacker could exploit this vulnerability to steal security tokens through the Kubernetes Agent Server (KAS). For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-7045/. (Category: Developer Tools)

In Ghost versions before 5.82.0 a high severity vulnerability, CVE-2024-34448, was detected. This issue lets attackers inject harmful data during a member CSV export: unauthenticated users can enter dangerous content into registration fields. Users should update to the latest version to fix this problem. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34448. (Category: CMS)