This module combines two vulnerabilities in order to achieve remote code execution in the context of the `horizon` user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenR ...
May 01, 2023
This Metasploit module combines two vulnerabilities in order to achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in O ...
May 01, 2023
### Summary Strapi through 4.5.6 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. ### Details Strapi through 4.5.6 d ...
May 01, 2023
Grafana Labs reports: When setting up Grafana, there is an option to enable JWT authentication. Enabling this will allow users to authenticate towards the Grafana instance with a special header ...
May 01, 2023
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it a ...
May 01, 2023
A flaw was found in HashiCorp Consul, where it is vulnerable to a denial of service caused by improper input validation for the node or segment names. By sending a specially-crafted request, a remote, ...
May 01, 2023