Although [X.509]() certificates have been here for a while, they have become more popular for client authentication in zero-trust networks in recent years. Mutual TLS, or authentication based on X.509 ...
Continue Reading18 августа, 2023
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier does not use a constant-time comparison when checking whether two authentication tokens are equal. This could potentially allow attackers to use ...
Continue Reading17 августа, 2023
[Discord.io]() was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachFo ...
Continue Reading17 августа, 2023
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier does not use a constant-time comparison when checking whether two authentication tokens are equal. This could potentially allow attackers to use ...
Continue Reading16 августа, 2023
Improper Authentication vulnerability in miniOrange OAuth Single Sign On â SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On â SSO (OAuth Client) ...
Continue Reading15 августа, 2023
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access ...
Continue Reading15 августа, 2023
Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-sour ...
Continue Reading15 августа, 2023
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be use ...
Continue Reading15 августа, 2023
Back to Main