authentik is vulnerable to authentication bypass due to an insufficient PKCE check. The vulnerability is caused by code_verifier step during the OAUTH initialisation flow. Authentik improperly accepts ...
Continue Reading
December 14, 2023
Hi, Spring fans! This week, my first as an employee of Broadcom, I am joined by Spring Security community legend Laura Spilca and we talk about all things security, OAuth, and...Read More ...
Continue Reading
December 14, 2023
mattermost is vulnerable to Open Redirect. The vulnerability is caused due to a missing validation at redirect URL parameter. The application fails to validate the custom URL scheme /oauth/{service}/m ...
Continue Reading
December 14, 2023
Mattermost fails to properly check a redirect URL parameter allowing for anĀ open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom ur ...
Continue Reading
December 14, 2023
Introduction In July, the GitHub Security Lab team conducted a collaborative review of one of our favorite software pieces. While it's not uncommon for our Security Lab researchers to work togeth ...
Continue Reading
December 14, 2023
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are ...
Continue Reading
December 14, 2023
ownCloud has warned users about three critical security flaws in its file-sharing software which, if exploited, could reveal sensitive information and modify files. An especially and potentially impac ...
Continue Reading
December 14, 2023
mattermost is vulnerable to Open Redirect. The vulnerability is caused due to a missing validation at redirect URL parameter. The application fails to validate the custom URL scheme /oauth/{service}/m ...
Continue Reading
December 14, 2023
Back to Main
