EUVD-2020-23900
Malware in sbrugna...
Allow HTTP Strict Transport Security (HSTS) to be configured in Bamboo 10
Issue Summary: This is reproducible on Data Center. Up until Bamboo 9.6, HTTP Strict Transport Security (https://tools.ietf.org/html/rfc6797) was configurable in Bamboo by following the steps outlined in this KB article: How do I enable HSTS and other HTTP Security Headers in Bamboo Data...
Internet Bug Bounty: Misconfiguration in AWS CloudFront CDN configuration makes rubygems.org serve (and cache) content from an unclaimed S3-bucket
A misconfiguration in the AWS CloudFront CDN configuration for rubygems.org caused content to be served from an unclaimed S3 bucket. This could have enabled an attacker to serve malicious content and affect availability. Artifactory instances were observed accessing files, presenting a potential...
Rapid7 Announces Release of New tCell Amazon CloudFront Agent
Cloud-native approaches to building, hosting, and delivering web applications are growing rapidly. Content delivery networks (CDNs) such as Amazon CloudFront are on the rise, pushing content closer to end users to improve the performance of web applications. To protect web applications security tea...
Uber: Disclosure of Co-Rider user (Uber-pooling) profile picture at Amazon AWS Cloudfront within HTTP RESPONSE
After booking a shared ride, an attacker is able to access the profile picture of a co-rider. It is possible during the trip to view the co-rider's picture...