In Jenkins versions 2.441 and earlier a critical severity vulnerability CVE-2024-23897 was detected. Due to this bug, in LTS versions 2.426.2 and earlier, attackers gain access to any file on the Jenkins controller system by using a feature that interprets file paths preceded by the “@” character without requiring authentication. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-23897/.
Read more Developer Tools
In iTop a high severity vulnerability CVE-2023-47622 was detected. Refreshing dashlets could allow attackers to inject harmful code into the webpage if the system doesn’t properly clean up user-entered data. The issue is resolved in versions 3.0.4 and 3.1.1. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-47622/.
Read more IT Business Management
In Apache Zeppelin versions from 0.8.2 before 0.11.1 a medium severity vulnerability CVE-2024-31868 was detected. This vulnerability resides in the improper handling of encoding or escaping output, which enables attackers to manipulate the helium.json file, thereby launching cross-site scripting (XSS) attacks against unsuspecting users. Users are recommended to upgrade Apache Zeppelin to version 0.11.1, which fixes the issue. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31868/.
Read more Graphic Design
In Apache Kafka versions from 3.5.0 through 3.5.2, from 3.6.0 through 3.6.1 a critical vulnerability CVE-2024-27309 was detected. During the migration from ZooKeeper mode to KRaft mode in Apache Kafka, Access Control Lists (ACLs) may not be properly enforced, allowing attackers to bypass access restrictions. The issue is resolved in Apache Kafka versions 3.7.0 and 3.6.2. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-27309/.
Read more Data Analytics
In Apache Zeppelin versions from 0.8.2 before 0.11.1 a medium severity vulnerability CVE-2024-31867 was detected. Attackers can exploit the system by tampering with LDAP search filter settings, allowing them to run harmful queries. To fix the issue, users should upgrade Apache Zeppelin to versions 0.11.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31867/.
Read more Graphic Design
In iTop a high severity vulnerability CVE-2023-48709 was detected. Users need to be careful when opening CSV or Excel files from the back office or portal as they may contain dangerous formulas that can lead to malicious code being executed on your computer, especially in Excel 2016. The issue is resolved in iTop 2.7.9, 3.0.4, 3.1.1, and 3.2.0 versions. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-48709/.
Read more IT Business Management
In iTop a critical severity vulnerability CVE-2023-48710 was detected. Due to this vulnerability files from the env-production folder, which should be restricted, were accessible, potentially exposing sensitive data from third-party modules. To address this issue, users should update iTop to versions 2.7.10, 3.0.4, 3.1.1 and 3.2.0. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-48710/.
Read more IT Business Management
In GitLab CE/EE versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 a medium severity vulnerability CVE-2023-6489 was detected. Due to a bug in GitLab’s chat integration feature lets attackers overload the system, causing slowdowns and service interruptions. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-6489/.
Read more Developer Tools
In Apache Zeppelin versions from 0.8.2 before 0.11.1 a medium severity vulnerability CVE-2024-31866 was detected. The attackers can execute shell scripts or malicious code by manipulating configurations such as ZEPPELIN_INTP_CLASSPATH_OVERRIDES, thereby gaining unauthorized access to execute potentially harmful actions. Users are recommended to upgrade to version 0.11.1, which fixes the issue. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31866/.
Read more Graphic Design