Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
Application Security

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

David Yesland
May 24, 2022

Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad filter pattern used in the API authorization filters.
By appending a crafted string to the API URL, users with no privileges can…

Read more
Cloud Security

CloudGoat goes Serverless:
A walkthrough of Vulnerable Lambda Functions

AWS

CVE-2022-25165:
Privilege Escalation to SYSTEM in AWS VPN Client

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
API
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Google Cloud
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
Uncategorized
Penetration Testing

CVE-2022-25372:
Local Privilege Escalation in Pritunl VPN Client

David Yesland
April 5, 2022

The Pritunl VPN Client service is vulnerable to an arbitrary file write as SYSTEM on Windows. This is due to insecure directory permissions on the Pritunl ProgramData folder. The arbitrary file write is then able to be leveraged for full…

Read more