CVE-2023-2422: Keycloak mTLS Authentication Compromised; Client Certificate Chain Verification Flawed
The Keycloak identity and access management system, which supports OAuth and OpenID Connect (OIDC) clients, has been found with a serious vulnerability (CVE-2023-2422). This post
CVE-2023-3115: GitLab EE Single Sign On Vulnerability Affecting Public Members-Only Project Repositories Access Control
A recently discovered security vulnerability in GitLab EE, known as CVE-2023-3115, has been found to affect multiple versions of the popular web-based Git repository manager.
CVE-2022-4137 - Reflected Cross-Site Scripting (XSS) Vulnerability in Keycloak's 'oob' OAuth Endpoint
A security vulnerability, assigned as CVE-2022-4137, was recently discovered in the 'oob' OAuth endpoint of Keycloak, which is an open-source identity and access
CVE-2023-36100 - IceCMS 2.0.1 Privilege Escalation and Sensitive Information Disclosure Vulnerability
A vulnerability has been discovered in IceCMS version 2.0.1 (CVE-2023-36100), which allows attackers to escalate their privileges and gain access to sensitive information. This
CVE-2023-40349: Jenkins Gogs Plugin 1.0.15 Vulnerability Allows Unauthenticated Builds
A recently discovered vulnerability has been detected in Jenkins Gogs Plugin 1.0.15 and earlier versions. Identified as CVE-2023-40349, this issue can cause major problems