Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.
September 21, 2022
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller fi ...
September 21, 2022
We discussed Microsoft Detection and Response Teams (DART) threat hunting principles in part 1 of The art and science behind Microsoft threat hunting blog series. In this follow-up post, we will tal ...
September 21, 2022
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages ...
September 21, 2022
![How to Accelerate Your SOAR Program to Full Speed in Less Than a Year](https://blog.rapid7.com/content/images/2022/09/accelerate-soar-program.jpg) Every new technology comes with a learning curve sp ...
September 21, 2022
Description: Immich does not check for admin privileges when setting account passwords. This allows any user to set the password for any account, thus allowing privilege escalation by admin account t ...
September 21, 2022
Description: Immich constructs the path, filename, and file extension of uploaded files from improperly sanitized user input. Therefore, the upload function is vulnerable to a path traversal attack l ...
September 21, 2022