In SFTPGO 2.6.2, the JWT implementation lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation...
July 26, 2024
KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a ...
July 25, 2024
CVE-2024-22198 - authenticated remote code execution in Nginx-ui. Description: This tool is made for remotely checking your Nginx-ui version and notifying you if it's vulnerable to CVE-2024-22198. Nginx-UI is ...
July 24, 2024
github.com/drakkan/sftpgo is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to the lack of proper security measures such as JWT ID (JTI) claims, nonces, and proper exp ...
July 23, 2024
Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (at /.pomerium) unintentionally included serialized OAuth2 access and ID tokens from the lo ...
July 23, 2024