GHSA-x52f-h5g4-8qv5: Marp Core allows XSS by improper neutralization of HTML sanitization

GHSA-76h9-2vwh-w278: Apache MINA Deserialization RCE Vulnerability

GHSA-vm62-9jw3-c8w3: Gogs has an argument Injection in the built-in SSH server

GHSA-9pp6-wq8c-3w2c: Gogs allows argument injection during the previewing of changes

GHSA-ccqv-43vm-4f3w: Gogs allows deletion of internal files

Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the `develop` branch and is expected to be part of version 2.2.2.

**Cockpit Content Platform vulnerable to 2FA bypass**

High severity GitHub Reviewed Published Aug 16, 2022 • Updated Aug 18, 2022

Headline

GHSA-8wj3-cpmr-8whp: Cockpit Content Platform vulnerable to 2FA bypass

Related news

ghsa: Latest News