CVE-2023-43498 - How Jenkins File Upload Vulnerability Lets Local Attackers Intercept Your Data
In September 2023, the Jenkins team disclosed an important security vulnerability: CVE-2023-43498. This bug affects Jenkins version 2.423 and earlier, as well as LTS
CVE-2022-1438 - Uncovering an XSS Vulnerability in Keycloak's User Impersonation
Keycloak is a widely used, open source identity and access management solution. It powers authentication flows for countless organizations. In 2022, a security flaw—CVE-2022-1438—
CVE-2023-4853 - Quarkus HTTP Security Policy Bypass – How Attackers Might Slip Through Undetected
Published: June 2024
Introduction
Recently, a critical security vulnerability, CVE-2023-4853, was discovered in Quarkus, a popular Java framework. This bug allows attackers to bypass HTTP
CVE-2023-34047 - Understanding and Exploiting the Batch Loader Context Leak in Spring for GraphQL
Spring for GraphQL is a framework that helps Java developers build GraphQL APIs easily. If you're using GraphQL with Spring Boot, there'
CVE-2023-41900 - Weak Authentication Flaw in Jetty OpenIdAuthenticator
Jetty is a widely used Java-based web server and servlet engine, valued for its speed and flexibility. But in 2023, a significant vulnerability—CVE-2023-41900—was