Target Discovery prints certain sensitive values in plain-text when verbose logging is enabled (CVE-2022-2721)

Read More

Session cookie date isn't validated against server policy (CVE-2022-2782)

Read More

User without team permission can obtain teams along with its members, description and permissions associated through API request (CVE-2022-2828)

Read More

Sensitive value will only be partially masked when certain substrings exist in the set (CVE-2022-2720)

Read More

Session cookie can be used as the CSRF token (CVE-2022-2783)

Read More

Encrypted variables and session cookies use the same encryption process (CVE-2022-2781)

Read More

Service Account with FeedView permission can upload to built-in feed after re-indexing packages (CVE-2022-2528)

Read More

ReDoS in Build Information request (CVE-2022-2075)

Read More

ReDoS in Package Upload Files (CVE-2022-2049)

Read More

Sensitive variable value displayed in Variable Preview (CVE-2022-1901)

Read More