Authenticated Remote Code Execution in OpenMRS

Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat the increase in attacks against medical and testing facilities. We decided quickly that doing some form of hack-a-thon on OpenMRS (an open medical records system) would help us learn ...

Contrast Labs: Apache Struts CVE-2019-0230 and How to Block Attacks

Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical facts in our original copy of this blog ...

Contrast Labs: Jenkins Maven HPI Plugin Exposes Developer Laptops

As is the case with the development team at Contrast Security, many development teams develop custom Jenkins plugins. In doing so, you probably find value in the maven-hpi-plugin project. The Jenkins Maven HPI Plugin hpi:run target initializes a local Jetty HTTP server with the current plugin project for development testing ...