CVE-2022-41248

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.

CVE-2022-41255

Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller fi ...

The art and science behind Microsoft threat hunting: Part 2

We discussed Microsoft Detection and Response Team’s (DART) threat hunting principles in part 1 of The art and science behind Microsoft threat hunting blog series. In this follow-up post, we will tal ...

(RHSA-2022:6531) Important: OpenShift Container Platform 4.10.33 packages and security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages ...


CVSS3 - HIGH

CVSS2 - MEDIUM

How to Accelerate Your SOAR Program to Full Speed in Less Than a Year

Every new technology comes with a learning curve sp ...

Full Account Takeover via Improper Authorization

Description: Immich does not check for admin privileges when setting account passwords. This allows any user to set the password for any account, thus allowing privilege escalation by admin account t ...

Remote Code Execution (RCE) via Arbitrary File Write and Path Traversal

Description: Immich constructs the path, filename, and file extension of uploaded files from improperly sanitized user input. Therefore, the upload function is vulnerable to a path traversal attack l ...
