CVE-2022-42980 go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
If you are using GoCD, then you do not have to worry about this. GoCD will generate a new JWT for you with
CVE-2022-39222 Dex is an identity service that uses OpenID Connect to drive authentication for other apps
When installing a new app that requires OAuth 2.0, the user has to accept the terms and conditions of the app by tapping on
CVE-2020-15331 Zyxel CloudCNM has a hardcoded OAUTH_SECRET_KEY in SecuManager 3.1.0 and 3.1.1.
This can be a problem when upgrading from version 3.0.x, as version 3.0.x shipped with a hardcoded OAUTH_SECRET_KEY
CVE-2022-22526 Gavazzi UWP3.0 and CPY Car Park Server 2.8.3 have missing authentication, which allows for full access via API.
To avoid this, you have to force authentication by adding a domain name and password to your API requests. For example: /v2/cars/{id}/drive/
CVE-2022-2860 In Chrome prior to 104.0.5112.101, insufficient policy enforcement allowed a remote attacker to bypass cookie prefix restrictions.
This issue was fixed by updating Google Chrome to version 104.0.2.
Redirect injection via extensions in Google Chrome prior to version 104.0.