(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update

This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. ...

OAuth Single Sign On < 6.22.6 – Authentication Bypass

The plugin doesn't validate that OAuth access token requests are legitimate, which allows attackers to log in to the site knowing only a user's email address. ### PoC The PoC will be dis ...

Exploit for Cross-Site Request Forgery (CSRF) in JetBrains TeamCity

CVE-2022-24342 JetBrains TeamCity - account takeover via CSRF ...

CVE-2022-29226

A flaw was found in Envoy. The OAuth filter does not include an implementation for validating access tokens, allowing remote attackers to bypass authentication to Envoy by providing any token value. # ...

CVE-2022-29228

A flaw was found in Envoy. The OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on ...

Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups

CVE-2020-26877

ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to ...
