Posts by:

Maneesha Mariam

Kubernetes Security – Introduction to Attack Vectors

Overview:

Kubernetes helps enterprises automate their application deployment for business benefit. Kubernetes security is now a critical component of every deployment, because new deployments might be vulnerable to attacks and exploits from hackers or insiders. Different kinds of attacks will be launched against new container-based virtualized environments, in both private and public clouds.


HTTP Prototype Pollution and CVE-2020-7703

Prototype Pollution

Prototype Pollution is a vulnerability affecting JavaScript. It refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including magical attributes such as __proto__, constructor and prototype.


Jira – Open redirect vulnerability using os_destination

 
CVE-2019-20901
Proof of Concept:

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1, allows remote attackers to redirect users, via an open redirect in the os_destination parameter, to a different website, which they may use as part of a phishing attack.
