OAuth - API Security Blog

VMware Workspace ONE Access Template Injection / Command Execution

Post ContentRead More ...

30 мая, 2022

VMware Workspace ONE Access CVE-2022-22954

This module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) in VMware Workspace ONE Access, to execute shell commands as the "horizon" user.Read More ...

30 мая, 2022

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

![Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954](https://blog.rapid7.com/content/images/2022/04/vmware-one-etr.jpg) On April 6, 2022, VMware published [VMSA-2022-0011](), which ...

30 мая, 2022

Attacker Breach Dozens of GitHub Repos Using Stolen OAuth Tokens

GitHub revealed details tied to last weeks incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. We do not believe the attacker obtained these tokens via a ...

30 мая, 2022

(RHSA-2022:1823) Moderate: mod_auth_openidc:2.3 security update

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. ...

30 мая, 2022

Moderate: mod_auth_openidc:2.3 security update

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. ...

30 мая, 2022

[SECURITY] Fedora 36 Update: mod_auth_openidc-2.4.9.4-1.fc36

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.Read More ...

30 мая, 2022

Heroku Forces User Password Resets Following GitHub OAuth Token Theft

[![Heroku Forces User Password Resets](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg15Z2d_xS5elVdgf0xSUYqiHRPanhvDc3o8p0Vx09SlFdq1BQDAfW13mhR2zYu63dhu11Dj1cdPhHiHiFtH5bPgZ6_Iv97KMZMz_d4j ...

30 мая, 2022