CVE-2022-45130 CSRF attack possible via the /api/v2/cli/commands REST API.
If you have installed Obsidian on your server, it is critical that you review the list of REST API endpoints, as there is a risk
CVE-2022-31690: Spring Security Privilege Escalation Vulnerability in OAuth2 Access Token Response
This long-read blog post aims to shed light on a recent vulnerability, identified by the Common Vulnerabilities and Exposures ID CVE-2022-31690, in the Spring Security
CVE-2022-42466 An end user could set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value is saved.
This issue only occurred when the domain object was created via the API. When creating an instance via the REST API or the query builder,
CVE-2022-42980 go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
If you are using the GoCD, then you do not have to worry about this. The GO-CD will generate a new JWT for you with
CVE-2022-39222 Dex is an identity service that uses OpenID Connect to drive authentication for other apps
When installing a new app that requires OAuth 2.0, the user has to accept the terms and conditions of the app by tapping on