Owncast, EaseProbe security vulnerabilities revealed

Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go. Owncast …

HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)

Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API encryption keys, passwords, and certificates. The vulnerability was an SQL injec…

Cloud-native application adoption puts pressure on appsec teams

Oxeye revealed five predictions expected to shape enterprise security spending in 2023. The predictions follow industry-wide research, which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native appli…

Critical vulnerability in Spotify’s Backstage discovered, patched

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on Githu…

Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)

Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they i…

High severity vulnerabilities found in Harbor open-source artifact registry

Oxeye security researchers have uncovered several new high severity variants of the IDOR (Insecure Direct Object Reference) vulnerabilities (CVE-2022-31671, CVE-2022-31666, CVE-2022-31670, CVE-2022-31669, CVE-2022-31667) in CNCF-graduated project Har…

“ParseThru” vulnerability allows unauthorized access to cloud-native applications

A new vulnerability found in GoLang-based applications allows a threat actor to bypass validations under certain conditions and gain unauthorized access to cloud-native applications, Oxeye researchers have found. The source of “ParseThru” …

Take a dev-centric approach to cloud-native AppSec testing

The era of the cloud-native application is well and truly upon us: IDC researchers have predicted that by 2023, more than 500 million apps will be developed using cloud-native approaches! While some applications are still being built on a monolithic (a…

Product showcase: Oxeye.io – Cloud native application security testing

Delivering secure applications requires tooling built for automation in the modern tech stack. Oxeye provides a cloud-native application security testing solution that is designed to overcome the challenges imposed by the complex nature of modern archi…