Understanding Improper Authorization in DevGuard: A Public Asset Security Risk
This blog post explains a security vulnerability in DevGuard: an improper authorization issue affecting public assets. The vulnerability allows any authenticated user to create, update, and delete VEX rules, and to call other vulnerability-triage write endpoints, on public assets, which compromises the integrity of the vulnerability picture.
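The following Go sketch is an added illustration of this bug class, not DevGuard's own code: a check that treats "public" as sufficient for every action, beside one where public visibility grants read access only. The types `Asset`, `User` and `Action` and both function names are hypothetical, and the hardened rule (writes require an explicit role on the asset) is an assumption about the intended policy.

```go
package main

import "fmt"

// Action is the kind of operation a request performs on an asset.
type Action int

const (
	Read  Action = iota
	Write        // e.g. create, update or delete a VEX rule
)

// Asset and User are hypothetical types for this sketch, not DevGuard's own.
type Asset struct {
	ID     string
	Public bool
}

type User struct {
	Authenticated bool
	MemberOf      map[string]bool // asset IDs the user holds a role on
}

// allowFlawed models the bug class: the requested action is never consulted,
// so "public + logged in" passes the check for writes as well as reads.
func allowFlawed(u User, a Asset, act Action) bool {
	if a.Public && u.Authenticated {
		return true
	}
	return u.Authenticated && u.MemberOf[a.ID]
}

// allowHardened lets public visibility grant read access only; every write
// requires an explicit role on the asset.
func allowHardened(u User, a Asset, act Action) bool {
	if act == Read && a.Public {
		return true
	}
	return u.Authenticated && u.MemberOf[a.ID]
}

func main() {
	asset := Asset{ID: "asset-1", Public: true} // constructed sample data
	outsider := User{Authenticated: true, MemberOf: map[string]bool{}}
	fmt.Println("flawed, outsider write:  ", allowFlawed(outsider, asset, Write))
	fmt.Println("hardened, outsider write:", allowHardened(outsider, asset, Write))
	fmt.Println("hardened, outsider read: ", allowHardened(outsider, asset, Read))
}
```

A regression test for this class of issue should cover each write endpoint with an authenticated user who has no role on the public asset and expect a denial.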