Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 ...
Continue ReadingJune 01, 2022
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages ...
Continue ReadingMay 30, 2022
[![](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEibSaL_2onu9HFSkDKS6vpwfAW61CDKj7FffAdrYV-rfMCl0RTqFOAU0q4xUr3YMSKTAo-XMYuwdpQopOtC-PypD36JJ_IPRd-RrsO_yB-TfKWK6RbdnyS9kfb-8BIo0VA8vUV2hs_ ...
Continue ReadingMay 30, 2022
On April 15, we published [a blog]() detailing an attack campaign utilizing stolen OAuth user tokens issued to two third-party GitHub.com integrators, Heroku and Travis CI. The npm organization on Git ...
Continue ReadingMay 30, 2022
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 a ...
Continue ReadingMay 30, 2022
We have released Spring Security OAuth 2.5.2 to address the following CVE report. * [CVE-2022-22969: Denial-of-Service (DoS) in spring-security-oauth2]() This vulnerability exposes OAuth 2.0 Client ...
Continue ReadingMay 30, 2022
According to its self-reported version, the instance of GitLab running on the remote web server is 7.7.x prior to 14.4.5, 14.5.0 prior to 14.5.3, or 14.6.0 prior to 14.6.2. It is, therefore, affected ...
Continue ReadingMay 30, 2022
[![GitHub](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjxX2jD8VVilJjQZkcsQwvoW0ZvAYbtJTCbmXDltSql9D4lPJW4bUlaSg9BnGka9yPYv829y-vn5ks9eFbNR9NaZd9WiHUEDQLsczRpWMDIz2fOCNxh-f8tAD_BfMy2zIiFu ...
Continue ReadingMay 30, 2022
Back to Main