CVE-2023-3362 - Exploiting an Information Disclosure Vulnerability in GitLab CE/EE GitHub Imports
---
Introduction
In June 2023, a serious information disclosure vulnerability—CVE-2023-3362—was uncovered in GitLab Community Edition (CE) and Enterprise Edition (EE). This issue exposed
CVE-2023-34246 - How Doorkeeper's Public Client Consent Flaw Exposed OAuth in Rails Apps
If you use Doorkeeper to handle OAuth 2 authentication in your Ruby on Rails or Grape APIs, you need to know about a major vulnerability
CVE-2023-24439 - How Jenkins JIRA Pipeline Steps Plugin Leaked Private Keys (And Why You Should Care)
On January 25, 2023, the Jenkins project revealed a serious security flaw affecting the popular JIRA Pipeline Steps Plugin. This bug, now tracked as CVE-2023-24439,
CVE-2023-24428 - How CSRF in Jenkins Bitbucket OAuth Plugin Lets Attackers Hijack Logins
---
What is CVE-2023-24428?
CVE-2023-24428 is a serious security vulnerability found in the Jenkins Bitbucket OAuth Plugin, affecting versions .12 and earlier. If your Jenkins
CVE-2022-3782 - Breaking Keycloak’s Redirects with Double URL Encoding – Path Traversal Explained
In October 2022, a security vulnerability was uncovered in Keycloak, a widely used open-source identity and access management solution. This flaw—tracked as CVE-2022-3782—let