On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHu ...
September 21, 2022
### Impact

This issue allows a client of the API to retrieve more information than the client's OAuth scope permits when making search-type requests. This issue would not allow a client to retrie ...

September 21, 2022
# Description

There are two permissions not working correctly: the `Licenses -> View and Modify License Files` & the `Self -> Create API Keys` permission.

## License Files

Files can be uploa ...

September 16, 2022
### Impact

- Attacker providing malicious redirect uri can cause DoS to oauthlib's web application.
- Attacker can also leverage usage of `uri_validate` functions depending where it is used.

_What kin ...

September 16, 2022
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An a ...
September 15, 2022
## Summary

WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and IBM Business Process Manager Enterprise Service Bus. Informatio ...

September 14, 2022