HTB Blog > CVE Explained. All the latest news and insights about cybersecurity from Hack The Box. Hacking trends, insights, interviews, stories, and much more.
- Reading arbitrary files via Jenkins’ CLI: CVE-2024-23897 explained, on November 6, 2024 at 3:55 pm
In January 2024, Sonar’s Vulnerability Research identified a new vulnerability in Jenkins that could allow an attacker to read the first few lines of arbitrary files on servers…
- CVE-2024-27198 explained (TeamCity Auth Bypass), on September 3, 2024 at 2:56 pm
We deep dive into CVE-2024-27198, also known as the JetBrains TeamCity Multiple Authentication Bypass.
- CVE-2021-41773 explained, on July 3, 2024 at 10:48 am
An in-depth look at CVE-2021-41773: a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49.
- CVE-2022-29464 (WSO2) explained, on May 29, 2024 at 2:22 am
CVE-2022-29464 is a critical vulnerability that affected several web service integration products running on many sites.
- Openfire CVEs explained (CVE-2024-25420 & CVE-2024-25421), on March 26, 2024 at 11:20 am
An in-depth look at Openfire CVEs (CVE-2024-25420 & CVE-2024-25421): featuring two improper access control issues affecting the application.
- CVE-2022-0492 (Carpediem) explained, on December 26, 2023 at 2:20 am
An in-depth look at CVE-2022-0492: a container escape vulnerability that does not require a specific authorization capability to be granted to be exploited.
- Understanding CVE-2023-34362: A critical MOVEit Transfer vulnerability, on October 16, 2023 at 9:14 am
CVE-2023-34362 is a significant vulnerability that could enable unauthenticated attackers to manipulate a business’s database through SQL injection.
- CVE-2022-30190 (Follina) explained, on October 16, 2023 at 9:05 am
Follina is a Microsoft Office vulnerability where the document uses the Word remote template feature to retrieve an HTML file from a remote web server, which in turn uses the ms-msdt MSProto
- Exploiting the Looney Tunables vulnerability on HTB (CVE-2023-4911), on October 11, 2023 at 9:43 am
A quick overview of the recently discovered vulnerability. Learn how you can practice exploiting (and defending against) the local privilege escalation attack on the HTB platform!
- CVE-2022-26923 (Certifried) explained, on August 22, 2023 at 9:54 am
CVE-2022-26923 is an Active Directory domain privilege escalation vulnerability that enables a privileged user to access the Domain Controller by abusing Active Directory Certificate Service