[CYBERDIGEST]

Tag

#Security Vulnerability

blog · HIGH 8.3

Understanding the @hulumi/policies Vulnerability: Bypassing IAM Role Policy Checks with Multiple OIDC Providers

A vulnerability in @hulumi/policies allows IAM roles with multiple OIDC providers to bypass policy checks, potentially leading to overly permissive access. The issue was fixed in version 1.4.0.

Jun 11, 2026 · 1 source

article · CRITICAL 9.0

Froxlor API Authentication Bypass: A Critical Vulnerability Allowing 2FA Bypass

A critical vulnerability was discovered in Froxlor's API authentication mechanism, allowing an attacker to bypass Two-Factor Authentication (2FA) when an API key and secret are compromised.

Jun 4, 2026 · 1 source

blog · CRITICAL 9.1

The Importance of Out-of-Band Approval in Federation Peer Registration

A recent security advisory revealed a vulnerability in stigmem-node's federation peer registration process, which lacked explicit out-of-band approval. This vulnerability had a severity score of 9.1 and could be exploited if initial registration was intercepted or misdirected. The issue has been patched in version 0.9.0a2.

Jun 1, 2026 · 1 source