In iTop versions before 3.2.0 a high severity Cross-Site Request Forgery (CSRF) vulnerability CVE-2024-52002 was detected. This vulnerability allows attackers to exploit certain URL endpoints to carry out unauthorized actions. To address this issue, users are advised to upgrade to version 3.2.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-52002.
Read more IT Business Management
In Kanboard versions before 1.2.41 a high severity vulnerability CVE-2024-51748 was detected. This vulnerability allows attackers to execute arbitrary PHP code on the server by exploiting a misconfigured file path in the sqlite.db settings. To fix this issue, users should upgrade Kanboard to version 1.2.42. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51748.
In Kanboard versions prior to 1.2.42 a critical severity vulnerability CVE-2024-51747 was detected. This vulnerability allows attackers to exploit misconfigured file paths in the database, enabling them to read or delete arbitrary files on the server. To fix this issue, users should upgrade Kanboard to version 1.2.42. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51747.
Read more Project Management
In iTop versions prior to 2.7.11, from 3.0.0 up to 3.0.5, and from 3.1.0 up to 3.1.2 a medium severity vulnerability CVE-2024-49367 was found. This vulnerability allows low-privileged users create HTTP requests as the server. The issue was fixed by limiting access in the user portal to only safe functions. To address this issue, upgrade to versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-49367.
Read more IT Business Management
In Foreman version 3.9.0 a medium severity vulnerability CVE-2024-8553 was detected. This vulnerability allows attackers to exploit loader macros to bypass access controls and read any database field if they have permission to create or view report templates. To fix this issue, users should update Foreman to version 3.9.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-8553.
Read more IT Business Management
In Ansible version 2 a medium severity vulnerability CVE-2024-10033 was detected. This vulnerability allows attackers to inject malicious scripts, redirect users, or steal sessions and data by exploiting the “?next=” parameter in a URL. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10033.
Read more IT Business Management
In Foreman versions 6.13, 6.14 and 6.15 a critical severity vulnerability CVE-2024-7012 was detected. This vulnerability allows unauthorized users to gain admin access due to improper header handling by Apache’s mod_proxy. To fix this problem, users should upgrade to versions 6.13.7.2, 6.14.4.2, or 6.15.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7012.
Read more IT Business Management
In Foreman versions before 3.11.1 a medium severity vulnerability CVE-2024-7700 was detected. This vulnerability allows attackers to exploit user actions to execute malicious code. To fix this issue, users should upgrade Foreman to version 3.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7700.
Read more IT Business Management
In OpenProject versions before 14.3.0 a medium severity vulnerability CVE-2024-41801 was detected. This vulnerability allows attackers to redirect users with a fake HOST header, affecting default installations. Upgrade to version 14.3.0 to fix this by rejecting invalid hostnames. If upgrading isn’t possible, use mod_security for Apache, adjust Host and X-Forwarded-Host headers manually, or apply a patch for older versions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41801.
Read more Project Management