Rhino Security Labs

Strategic Blog

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

David Yesland
May 24, 2022

Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad filter pattern used in the API authorization filters.
By appending a crafted string to the API URL, users with no privileges can…

Local Privilege Escalation in Pritunl VPN Client

RCE to IAM Privilege Escalation in GCP Cloud Build

The Capital One Breach & “cloud_breach_s3” CloudGoat Scenario

Jeffrey Anderson

Cloud security, specifically AWS security, is once again in the news. This time it’s a major breach at banking giant Capital One. With 100 million customers affected, it ranks as one of the largest data breaches to date. Capital One now…