Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks a ...
Continue Reading
May 01, 2023
This module combines two vulnerabilities in order achieve remote code execution in the context of the `horizon` user. The first vulnerability CVE-2022-22956 is an authentication bypass in OAuth2TokenR ...
Continue Reading
May 01, 2023
This Metasploit module combines two vulnerabilities in order achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in O ...
Continue Reading
May 01, 2023
Grafana Labs reports: When setting up Grafana, there is an option to enable JWT authentication. Enabling this will allow users to authenticate towards the Grafana instance with a special header ...
Continue Reading
May 01, 2023
A flaw was found in HashiCorp Consul, where it is vulnerable to a denial of service caused by improper input validation for the node or segment names. By sending a specially-crafted request, a remote, ...
Continue Reading
May 01, 2023
Back to Main
