CVE-2024-9164 - How a GitLab EE Vulnerability Lets Attackers Run Pipelines on Any Branch
Introduction
In June 2024, a serious vulnerability (CVE-2024-9164) was disclosed affecting GitLab Enterprise Edition (EE). The
CVE-2024-21534 - Remote Code Execution in jsonpath-plus Before 10..7 — How the Vulnerability Works and How to Stay Safe
jsonpath-plus is a popular Node.js library for evaluating JSONPath expressions over JSON data. It's widely used in projects needing powerful querying capabilities
CVE-2024-9487 - GitHub Enterprise Server SAML SSO Authentication Bypass — Vulnerability Deep Dive
In early 2024, security researchers uncovered a serious flaw—CVE-2024-9487—affecting GitHub Enterprise Server (GHES). This vulnerability allowed attackers to bypass SAML Single Sign-On (SSO)
CVE-2024-9623 - GitLab Deploy Key Flaw Lets Attackers Push to Archived Repositories
In June 2024, a critical security vulnerability, CVE-2024-9623, was found in GitLab Community Edition (CE) and Enterprise Edition (EE). This bug affects multiple versions and
CVE-2024-9473 - Privilege Escalation via GlobalProtect Repair Functionality on Windows
Summary:
A critical privilege escalation vulnerability, tracked as CVE-2024-9473, has been discovered in Palo Alto Networks’ GlobalProtect app for Windows. This bug allows any authenticated