Developer Tools: In GitLab Enterprise Edition versions before 16.8.6, from 16.9 before 16.9.4, and from 16.10 before 16.10.2, a medium severity vulnerability, CVE-2023-6678, was detected. It allows attackers to crash the system by supplying a crafted (malicious) JUnit test report file. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-6678.

Developer Tools: In GitLab CE/EE all versions from 16.7 before 16.8.6, from 16.9 before 16.9.4, and from 16.10 before 16.10.2, a high severity vulnerability, CVE-2024-2279, was detected. Through stored XSS (cross-site scripting), attackers could cause the application to perform harmful actions on behalf of other users without their knowledge. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2279.

Security: In Vault and Vault Enterprise versions 1.14.0 and newer, a medium severity vulnerability, CVE-2024-2660, was detected. It affects how Vault checks certificate status, potentially letting someone with network access present a fake certificate to gain unauthorized access. The issue is resolved in Vault version 1.16.0 and Vault Enterprise versions 1.16.1, 1.15.7, and 1.14.11. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2660.

IT Business Management: In Ansible versions v3.0.0 to v3.10.6, a critical security vulnerability, CVE-2024-29202, was detected. It allows attackers to steal sensitive data. To address this issue, users are advised to upgrade to v3.10.7. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29202.

ERP: In Dolibarr, a critical security vulnerability, CVE-2024-29477, was detected. It allows attackers with access to your network to execute malicious code during installation. The issue is resolved in Dolibarr version 19.0.1 or newer. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29477.

Data Analytics: In Elasticsearch versions from 8.10.0 before 8.13.0, a medium severity vulnerability, CVE-2024-23451, was detected. It affects the API key-based security model for Remote Cluster Security 20 and allows a malicious user holding a valid API key to read arbitrary documents from any index on a remote cluster. The issue is resolved in Elasticsearch version 8.13.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23451.

Data Analytics: In Apache Airflow package versions 2.8.2 to 2.8.4, a medium severity vulnerability, CVE-2024-29735, was detected. It causes file permission issues. The issue is resolved in Apache Airflow versions 2.8.4 or newer. Workarounds are to avoid running as the root user or to adjust the permissions in the Airflow config file; otherwise, upgrade to a fixed version. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-29735.

Developer Tools: In OpenShift Virtualization, a medium severity vulnerability, CVE-2024-31419, was detected. It allows limited host metrics to be disclosed to any guest without administrator consent. The issue is resolved in Container-native Virtualization version 4.15.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31419.

Application Development: An XSS vulnerability in Typebot's sign-in page, affecting versions up to 2.24.0, could allow attackers to compromise user accounts. By abusing the redirectPath parameter in the URL, an attacker could execute malicious JavaScript in the victim's browser and thereby gain unauthorized access. The release of version 2.24.0 addresses this vulnerability.