CVE-2024-11274 - GitLab NEL Header Injection in K8s Proxy – Exploit Details and Understanding the Risk
A serious security vulnerability, CVE-2024-11274, has come to light in the popular source code management platform GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw
CVE-2024-12292 - Sensitive Information Leakage via GraphQL Logs in GitLab CE/EE (11.–17.6.1) — Details, Exploit, and Mitigation
On March 6, 2024, GitLab disclosed an information disclosure vulnerability (CVE-2024-12292) affecting its Community Edition (CE) and Enterprise Edition (EE). The flaw exists in all
CVE-2024-10043 - GitLab Wiki Diff Feature Discloses Confidential Incident Titles – Deep Dive, Exploit Demo, and Remediation
In February 2024, a critical security issue dubbed CVE-2024-10043 was publicly disclosed affecting GitLab EE (Enterprise Edition). This vulnerability, found in specific GitLab versions, makes
CVE-2024-21574 - How POST Requests to `/customnode/install` Enable Remote Code Execution in Custom Node Extensions
CVE-2024-21574 is a critical vulnerability that left many servers running custom node extensions open to Remote Code Execution (RCE). This post will walk you through
CVE-2024-4109 - How a Flaw in Undertow HTTP/2 Handler Can Leak Your Inflight Secrets
In May 2024, a new security issue, CVE-2024-4109, was disclosed, affecting Red Hat's widely used web server component, Undertow. If you use WildFly, JBoss,