Clint Kehr

CVE-2024-23897 is a critical security flaw affecting Jenkins, a Java-based open-source automation server widely used for application building, testing, and deployment. It allows unauthorized access to files through the Jenkins integrated command line interface (CLI), potentially leading to remote code execution (RCE).

CVE-2024-27198 is a critical vulnerability in JetBrains TeamCity, a Java-based open-source automation server used for application building. This flaw allows remote, unauthorized attackers to circumvent authentication, thereby gaining admin control over the server. All versions of TeamCity On-Premises up to 2023.11.3 are affected.

CVE-2024-21626 is a severe vulnerability affecting all versions of runc up to 1.1.11, a critical component utilized by Docker and other containerization technologies like Kubernetes. This vulnerability enables an attacker to escape from a container to the underlying host operating system. Put on your red team hat to exploit this vulnerability.

‍

CVE-2023-27524 is a critical vulnerability in Apache Superset, affecting versions up to 2.0.1. It enables attackers to bypass authentication by exploiting weak or default SECRET_KEY values. Attackers can forge session cookies to gain admin access, leading to potential remote code execution and unauthorized data access.

‍

Confluence suffers from a Broken Access Control vulnerability that affects Data Center and Server versions 8.0.0 to 8.3.2, 8.4.0 to 8.4.2, and 8.5.0 to 8.5.1. Threat actors exploit this vulnerability to obtain administrator access to Confluence servers. Put on your Red Team hat to create your own malicious admin account leveraging this CVE!