A cool bug that can inject a new user with a controlled SSH key into a compute instance; the request that does this can be sent as a GET request with no anti-CSRF token.
Two vulnerabilities: in the first, an insecure activity is exposed that allows other applications to automatically install any application on the Galaxy Store; the second is a filter bypass which can lead to navigating the CloudGame webview to an untrusted domain.
Some funny vulns in an undisclosed forum's "teams" feature where users could create their own teams and request to join others as different roles. Users could request to join a team as any non-admin role, and a team admin could accept the request...
A post by Project Zero on a vuln in a new library used for DER entitlements. Entitlements are Apple's fine-grained permission system and essentially define what capabilities an app or service has...
A total of eight issues impacting various companies in the automotive industry, a mix of issues from simple SQL injection to some interesting Single Sign On (SSO) implementation decisions.
The title is all you really need on this one: the OTP was reflected in the cookies, so there is no need to actually receive it.
An email normalization issue allowing for remote control of a vehicle.
This blog post essentially uses a sandbox escape they previously discovered against Backstage, which is Spotify's incubated solution for managing infrastructure, microservices and such. Backstage includes software templates, which can contain a `message` parameter that gets rendered in Nunjucks (a JS templating engine)...
It's the description that caught my eye on this one: a race condition leading to authentication bypass.
Bypassing an authentication check in AWS AppSync by changing the case of a JSON key.