Jenkins Server Memory Corruption Vulnerability (CVE-2019-17638)

Overview Jenkins recently released updates for the critical memory corruption vulnerability (CVE-2019-17638) in the Jetty web server. Successful exploitation of this vulnerability may allow unauthenticated users to obtain sensitive information through HTTP response headers. Jenkins is typically run as a standalone application in its own process with the built-in Java servlet container or application server … Continue reading “Jenkins Server Memory Corruption Vulnerability (CVE-2019-17638)”

Google Chrome CSP Bypass Vulnerability (CVE-2020-6519)

Overview A Content Security Policy bypass vulnerability (CVE-2020-6519) exists in Google’s Chromium-based browsers, which could allow attackers to steal data and execute arbitrary codes. Content Security Policy (CSP) is a set of rules that helps detect which content sources can be trusted and which ones should be blocked. CSP helps  detect and mitigate certain types of … Continue reading “Google Chrome CSP Bypass Vulnerability (CVE-2020-6519)”