Rhino Security Labs

Strategic Blog

Technical Strategic Technical & Strategic Both
Application Security

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

David Yesland
May 24, 2022

Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad filter pattern used in the API authorization filters.
By appending a crafted string to the API URL, users with no privileges can…

Read more
Penetration Testing

CVE-2022-25372:
Local Privilege Escalation in Pritunl VPN Client

GCP

Working-As-Intended:
RCE to IAM Privilege Escalation in GCP Cloud Build

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
AWS

The Capital One Breach
& “cloud_breach_s3” CloudGoat Scenario

Jeffrey Anderson

Cloud security, specifically AWS security, is once again in the news. This time it’s a major breach at banking giant Capital One. With 100 million customers affected, it ranks as one of the largest data breaches to date. Capital One now…

Read more