### Impact For some Post/Put Concourse endpoint containing `:team_name` in the URL, a Concourse user can send a request with body including `:team_name=team2` to bypass team scope check to gain access ...
Continue Reading
October 19, 2022
### Impact For some Post/Put Concourse endpoint containing `:team_name` in the URL, a Concourse user can send a request with body including `:team_name=team2` to bypass team scope check to gain access ...
Continue Reading
October 19, 2022
This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to th ...
Continue Reading
October 19, 2022
Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XS ...
Continue Reading
October 19, 2022
Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to th ...
Continue Reading
October 19, 2022
## Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in Apache Zookeeper. ## Vulnerability Details ** CVEID: **[CVE-2019-0201]() ** DESCRIPTION: **Apache ZooKeeper could a ...
Continue Reading
October 19, 2022
## Summary An identity spoofing issue was found within IBM WebSphere Application Server Liberty, which IBM MQ uses to provide WebConsole and REST API functionality. ## Vulnerability Details **CVEID: * ...
Continue Reading
October 19, 2022
Post ContentRead More ...
Continue Reading
October 19, 2022
Back to Main
