CVE-2024-45031 in the IAM solution Apache Syncope allows a low-privileged attacker to inject an XSS payload in a self-registration/self-service portal. The payload executes in a high-privilege context of an administrative portal, enabling privilege escalation through session riding against system administrators.| Omegapoint Security Blog
This blog post covers several potential security issues that were identified in TruffleHog v3, an open source secret scanner. The issues were reported to Truffle Security, the team behind TruffleHog, in December 2023.| securityblog.omegapoint.se
CVE-2023-6927, a Keycloak vulnerability, allows bypassing redirect URI validation, which can be used as a vector for stealing authorization codes and access tokens, and for redirecting victims to arbitrary hosts.| securityblog.omegapoint.se
In this blog, we'll dive deeply into two potential security issues that Omegapoint identified in AWS API Gateway authorizers. We reported these issues to AWS in November 2022 and January 2023. AWS rolled out mitigations to all AWS customer accounts in May 2023.| securityblog.omegapoint.se