Resource validation in error messaging (CVE-2022-2508)

Read More

Session cookie date isn't validated against server policy (CVE-2022-2782)

Read More

Git connection checker can initiate an SMB connection leading to NTLM relay attack (CVE-2022-2780)

Read More

User without team permission can obtain teams along with its members, description and permissions associated through API request (CVE-2022-2828)

Read More

Sensitive value will only be partially masked when certain substrings exist in the set (CVE-2022-2720)

Read More

Session cookie can be used as the CSRF token (CVE-2022-2783)

Read More

Encrypted variables and session cookies use the same encryption process (CVE-2022-2781)

Read More

Login password rate limit can be bypassed with null bytes (CVE-2022-2778)

Read More

Space ID is revealed in error messages when the resource is part of another space (CVE-2022-2760)

Read More

Service Account with FeedView permission can upload to built-in feed after re-indexing packages (CVE-2022-2528)

Read More