GitLab 13.2 < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.2 IP Restriction Bypass

According to its self-reported version, the instance of GitLab running on the remote web server is 13.2 prior to 14.4.5, 14.5.0 prior to 14.5.3, or 14.6.0 prior to 14.6.2. It is, therefore, possible t ...

Continue Reading
CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)

![CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)](https://blog.rapid7.com/content/images/2022/04/managengine-vuln.jpg) On April 9, 2022, ManageEngine fixed [CV ...

Continue Reading
This Week in Spring – April 12th, 2022 (Devnexus 2022 Edition!!)

## This Week in Spring - Devnexus Edition Hi, Spring fans! Welcome to another installment of _This Week in Spring_ - I'm at my first in-person event since the virus: Devnexus! WOOHOOO!! Well, technica ...

Continue Reading
CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)

![CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)](https://blog.rapid7.com/content/images/2022/04/ms-connected-cache-vuln.jpg) On April 12, 2022, Microsoft published [CVE- ...

Continue Reading
A Bootiful Podcast: GraphQL Java founder Andi Marek

Hi, Spring fans! In this installment of a Bootiful Podcast, Josh Long (@starbuxman) talks to the GraphQL Java project founder and lead, Atlassian engineer, and Spring GraphQL cofounder Andi Marek (@an ...

Continue Reading
Improper Removal of Sensitive Information Before Storage or Transfer in irrd

IRRd did not always filter password hashes in query responses relating to `mntner` objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-for ...

Continue Reading
This Week in Spring – March 29th, 2022

Aloha, Spring fans, from beautiful Maui, Hawaii, where I am with my family on a bit of vacation. It's our daughter's Spring break and so we're enjoying the family time while we can get it! I wanted to ...

Continue Reading
CVE-2021-4191

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumerat ...

Continue Reading

Back to Main

Subscribe for the latest news: