Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param ...
May 01, 2023
A flaw was found in Envoy. If Envoy is running with the OAuth filter enabled, a malicious actor could construct a request which would cause denial of service, crashing Envoy.
May 01, 2023
> **April 2023 update** – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. **MERCURY** is now tracked as **Mango Sandstorm** ...
May 01, 2023
# Description If you visit https://nuxt.com, you will find a hardcoded GitHub token in the source code of the page - `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`. This token has access to multiple reposit ...
May 01, 2023
## Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see [Microsoft Common Vulnerabilities ...
May 01, 2023
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jen ...
May 01, 2023
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it.
May 01, 2023