Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

F5 BIG-IP CVE-2022-1388 Explained: The iControl REST Authentication Bypass

CVE-2022-1388 is an authentication bypass in the F5 BIG-IP iControl REST interface that leads to unauthenticated remote code execution, rated CVSS 9.8. Here is the timeline, root cause, and patched versions.

Jul 6, 20266 min read
Vulnerability Analysis

Jenkins CLI Arbitrary File Read (CVE-2024-23897) Explained

CVE-2024-23897 turned a convenience feature in Jenkins' CLI argument parser into an arbitrary file read that can escalate to full RCE. Here's the mechanism and the fix.

Jul 6, 20265 min read
Vulnerability Analysis

VMware vCenter (CVE-2021-21985) Explained: The vSAN Plugin RCE

CVE-2021-21985 is a CVSS 9.8 unauthenticated RCE in VMware vCenter Server's vSAN Health plugin, enabled by default on every install. Here is how it works and the patched builds to run.

Jul 6, 20266 min read
Vulnerability Analysis

Confluence OGNL Injection (CVE-2022-26134) Explained

CVE-2022-26134 is a CVSS 9.8 unauthenticated OGNL injection in Atlassian Confluence, exploited as a zero-day before the patch. Here is how the flaw works and which versions fixed it.

Jul 5, 20266 min read
Vulnerability Analysis

Confluence CVE-2021-26084 Explained: The Webwork OGNL Injection RCE

CVE-2021-26084 is an unauthenticated OGNL injection in Confluence Server and Data Center that allows remote code execution, rated CVSS 9.8. Here is the timeline, root cause, detection, and patched versions.

Jul 5, 20265 min read
Vulnerability Analysis

GitLab Account Takeover via Password Reset (CVE-2023-7028) Explained

CVE-2023-7028 let attackers send GitLab password-reset links to an address they controlled — a zero-interaction account takeover scored 10.0. Here's the flaw and the fix.

Jul 5, 20265 min read
Vulnerability Analysis

MOVEit Transfer (CVE-2023-34362) Explained: The SQL Injection Behind the Cl0p Mass Breach

CVE-2023-34362 is a SQL injection in Progress MOVEit Transfer that let unauthenticated attackers reach the database and drop a web shell. Cl0p used it to breach thousands of organizations.

Jul 5, 20265 min read
Vulnerability Analysis

Shellshock (CVE-2014-6271) Explained: RCE Hiding in Bash Environment Variables

CVE-2014-6271, Shellshock, let attackers run commands by smuggling code into environment variables that Bash parsed as function definitions. Reachable over HTTP, DHCP, and SSH. Here is how.

Jul 5, 20265 min read
Vulnerability Analysis

Fastjson AutoType Bypass RCE (CVE-2022-25845) Explained

CVE-2022-25845 defeated Fastjson's autoType protection and reopened a deserialization RCE path. Here's how the bypass worked and how to lock the library down.

Jul 4, 20265 min read
Vulnerability Analysis

Follina (CVE-2022-30190) Explained: Code Execution From a Word Document With Macros Off

CVE-2022-30190, Follina, abused the Windows MSDT protocol handler so a Word document could run PowerShell — no macros, no enable-content click. Here is the ms-msdt mechanism.

Jul 4, 20265 min read
Vulnerability Analysis

FortiOS CVE-2024-21762 Explained: The SSL VPN Out-of-Bounds Write RCE

CVE-2024-21762 is a pre-authentication out-of-bounds write in the FortiOS SSL VPN daemon that allows remote code execution. Here is the timeline, root cause, detection, and the full list of fixed versions.

Jul 4, 20265 min read
Vulnerability Analysis

Baron Samedit (CVE-2021-3156) Explained: The Sudo Root Overflow

CVE-2021-3156, Baron Samedit, is a heap overflow in sudo that gives any local user root and hid in plain sight for nearly a decade. Here is the root cause, a one-line test, and the patched version.

Jul 4, 20266 min read
Vulnerability Analysis (Page 2) — Supply Chain Security Blog | Safeguard