Rhino Security Labs

Strategic Blog

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

David Yesland
May 24, 2022

Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad filter pattern used in the API authorization filters.
By appending a crafted string to the API URL, users with no privileges can…

CVE-2022-25372: Local Privilege Escalation in Pritunl VPN Client

Working-As-Intended: RCE to IAM Privilege Escalation in GCP Cloud Build

The Capital One Breach & “cloud_breach_s3” CloudGoat Scenario

Jeffrey Anderson

Cloud security, specifically AWS security, is once again in the news. This time it’s a major breach at banking giant Capital One. With 100 million customers affected, it ranks as one of the largest data breaches to date. Capital One now…