CVE-2023-43496 - How Jenkins Plugin Installation From URL Can Lead to Remote Code Execution
Jenkins is a widely used automation server trusted by thousands of companies and individual developers for continuous integration and deployment. But, like all complex software,
CVE-2023-43498 - How Jenkins File Upload Vulnerability Lets Local Attackers Intercept Your Data
In September 2023, the Jenkins team disclosed an important security vulnerability: CVE-2023-43498. This bug affects Jenkins version 2.423 and earlier, as well as LTS
CVE-2022-1438 - Uncovering an XSS Vulnerability in Keycloak's User Impersonation
Keycloak is a widely used, open source identity and access management solution. It powers authentication flows for countless organizations. In 2022, a security flaw—CVE-2022-1438—
CVE-2023-4853 - Quarkus HTTP Security Policy Bypass – How Attackers Might Slip Through Undetected
Published: June 2024
Introduction
Recently, a critical security vulnerability, CVE-2023-4853, was discovered in Quarkus, a popular Java framework. This bug allows attackers to bypass HTTP
CVE-2023-34047 - Understanding and Exploiting the Batch Loader Context Leak in Spring for GraphQL
Spring for GraphQL is a framework that helps Java developers build GraphQL APIs easily. If you're using GraphQL with Spring Boot, there'