GitLab Authentication Plugin 1.17.1 and earlier does not implement a state parameter in its OAuth flow, a unique and non-guessable value associated with each authentication request. This vulnerability ...
July 27, 2023
OpenID Connect is an identity layer on top of the OAuth 2.0 protocol which aims to determine the provider URL for an end user. By leveraging the `/.well-known/webfinger` endpoint, it is sometimes poss ...
July 26, 2023
Threat Level: Actor Report. For a detailed threat advisory, download the PDF file here. Summary: Storm-0558, a China-based threat actor with espionage objectives, has been targeting email data from approx ...
July 24, 2023
Grafana is vulnerable to an authentication bypass. The vulnerability is specific to Grafana deployments configured to use Azure AD OAuth for user authentication with a multi-tenant Azure a ...
July 22, 2023
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2917-1 advisor ...
July 21, 2023
Assembla Auth Plugin is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to lack of a state parameter in its OAuth flow which allows an attacker to trick a user into loggi ...
July 20, 2023
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4030 advisory. - Grafana is validating Azure AD accounts based on the email c ...
July 20, 2023
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-4030 advisory. - Grafana is validating Azure AD accounts based on the email ...
July 20, 2023