CVE-2023-26448 - Custom Log-in/Log-out Locations in jslob Expose Users to Malicious Redirects (Exclusive Deep Dive)
CVE-2023-26448 is an overlooked but serious security flaw affecting web applications that let users define custom log-in and log-out URLs, referred to internally as jslob
CVE-2023-4055 - Behind the Scenes of a Cookie Jar Mixup in Firefox
Published: Exclusive Long-Read
CVSS Score: 4.3 (Medium)
Impacted software:
Firefox ESR < 115.1
Web developers and end-users depend on cookies every day—for
CVE-2023-3414 - How a CSRF Flaw in Jenkins ServiceNow DevOps Plug-in Could Leak Your Secrets (and How to Fix It)
In June 2023, a security vulnerability (CVE-2023-3414) landed in popular DevOps circles, with potential to expose sensitive data from Jenkins environments using the ServiceNow DevOps
CVE-2023-39153 - How a Simple CSRF Bug Exposed Jenkins Users via GitLab Auth Plugin
Jenkins is a widely used automation server in software development. Many teams depend on Jenkins for building, testing, and deploying code. For easy and secure
CVE-2023-39156 - How A CSRF Vulnerability in Jenkins Bazaar Plugin Let Attackers Delete SCM Tags
In June 2023, a cross-site request forgery (CSRF) vulnerability, tracked as CVE-2023-39156, was discovered in the Jenkins Bazaar Plugin. This bug, present in version 1.