Write Up

Advisory

CVE-2021-3429 cloud-init exposed credentials under certain conditions

Vendor: CanonicalProduct: cloud-initCategory: CWE-200 Information ExposureVersion: v21.1 and belowFixed: v21.1.19CVE: CVE-2021-3429 Summary Cloud-init enables engineers to automate operating system configuration, primarily within different cloud environments. Cloud-init can also function as a standalone configuration tool independent of any cloud provider. Cloud-init includes an optional configuration module, chpasswd, which sets passwords for Read more…

By cpearson, 3 years3 years ago

Google Docs clipboard leak

Vendor: GoogleProduct: Docs Android appVersion: 1.20.302.01.40Platform: AndroidReported: 7/11/2020Fixed: 8/26/2020CVE: N/A This write-up covers a low-severity vulnerability found in Google Docs Android app. Hope it is of interest! Quick primer on Android app security. An Android app can use a framework, content providers, to make data available to other internal components Read more…

By cpearson, 4 years4 years ago

Write Up

Account Hijacking – Integria IMS

Most of the vulnerabilities I uncover fit neatly into a particular category like XSS, SQLi, or buffer overflow. Sometimes, though, looking outside the box can yield interesting finds. In this post I’ll discuss one such vulnerability I discovered in the community edition of Integria IMS server, a PHP-based IT helpdesk Read more…

By cpearson, 6 years4 years ago

Write Up

Walkthrough of a security vulnerability

Advisory

CVE-2021-3429 cloud-init exposed credentials under certain conditions

Write Up

Google Docs clipboard leak

Write Up

Account Hijacking – Integria IMS