Rhino Security Labs

Strategic Blog

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

David Yesland

Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad filter pattern used in the API authorization filters.
By appending a crafted string to the API URL, users with no privileges can…

Escalating AWS IAM Privileges with an Undocumented CodeStar API

AWS IAM Privilege Escalation – Methods and Mitigation

Amazon’s AWS Misconfiguration: Arbitrary Files Upload in Amazon Go

Spencer Gietzen

Earlier this year, Amazon introduced Amazon Go, a brand-new kind of grocery store featuring automated check-out lines and no cashiers! These stores are poised to revolutionize the way that people shop for groceries.
On a very high level,…