CVE-2024-6535 - Skupper OAuth-Proxy Flaw—How a Static Cookie-Secret Exposes Your Console
Published: June 2024
Severity: High
Component: Skupper
CWE: CWE-311 (Missing Encryption of Sensitive Data)
A newly disclosed vulnerability, CVE-2024-6535, affects Skupper installations that use the
CVE-2024-2177 - Breaking Down Cross Window Forgery in GitLab OAuth Flow
In June 2024, a new and critical security flaw—CVE-2024-2177—was disclosed in GitLab Community and Enterprise Edition. This vulnerability affects all versions from 16.
CVE-2024-37051 - GitHub Access Token Exposure in JetBrains IDEs – What Happened, How to Exploit, and How to Fix
1. Introduction
JetBrains IDEs like IntelliJ IDEA, PyCharm, and WebStorm are used by millions of developers worldwide. These
CVE-2024-4540: Information Disclosure Vulnerability in Keycloak OAuth 2.0 Pushed Authorization Requests (PAR)
In this extensive post, we will discuss a vulnerability that was recently discovered in Keycloak, a popular open-source Identity and Access Management solution. The vulnerability,
CVE-2023-6787 - Keycloak Session Hijacking via Re-authentication Flaw
Keycloak is a popular open-source identity and access management tool used by many organizations to secure their web applications. However, in December 2023, a critical