CVE-2024-8883 - Keycloak Misconfiguration Lets Attackers Steal Login Tokens with Open Redirects
Keycloak is a popular tool for single sign-on (SSO) and identity management, powering login systems for many organizations. But in early 2024, a new misconfiguration
CVE-2024-38222 - Exposing Sensitive Data via Microsoft Edge (Chromium) Information Disclosure Vulnerability
In June 2024, Microsoft published a security advisory for CVE-2024-38222, a newly discovered information disclosure vulnerability affecting Microsoft Edge, the Chromium-based edition. This vulnerability, if
CVE-2024-6535 - Skupper OAuth-Proxy Flaw—How a Static Cookie-Secret Exposes Your Console
Published: June 2024
Severity: High
Component: Skupper
CWE: CWE-311 (Missing Encryption of Sensitive Data)
A newly disclosed vulnerability, CVE-2024-6535, affects Skupper installations that use the
CVE-2024-2177 - Breaking Down Cross Window Forgery in GitLab OAuth Flow
In June 2024, a new and critical security flaw—CVE-2024-2177—was disclosed in GitLab Community and Enterprise Edition. This vulnerability affects all versions from 16.
CVE-2024-4540: Information Disclosure Vulnerability in Keycloak OAuth 2. Pushed Authorization Requests (PAR)
In this extensive post, we will discuss a vulnerability that was recently discovered in Keycloak, a popular open-source Identity and Access Management solution. The vulnerability,