CVE-2019-16573
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16574
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16574
CVE-2019-16574 affects the Jenkins Alauda DevOps Pipeline Plugin up to version 2.3.2. The root cause is a missing permission check that allows attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs, thereby potentially capturing credentials st...
CVE-2019-16573
The CVE-2019-16573 entry concerns a cross-site request forgery in the Jenkins Alauda DevOps Pipeline Plugin (version 2.3.2 and earlier). The vulnerability permits an attacker to cause the Jenkins instance to connect to an attacker-specified URL using attacker-specified credentials IDs, which can ...
Insufficiently Protected Credentials
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross-Site Request Forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2019-14729 · Jenkins · Jenkins Alauda DevOps Pipeline Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Alauda DevOps Pipeline Plugin versions 2.3.2 and earlier
Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
PT-2019-14728 · Jenkins · Jenkins Alauda DevOps Pipeline Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Alauda DevOps Pipeline Plugin versions 2.3.2 and earlier
Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...
CyberRange - The Open-Source AWS Cyber Range
This CyberRange project represents the first open-source Cyber Range blueprint in the world. This project provides a bootstrap framework for complete offensive, defensive, reverse engineering, and security intelligence tooling in a private research lab using the AWS Cloud. This project contains...
GitLab Doles Out Half a Million Bucks to White Hats
GitLab has awarded a total of $565,650 in security bug bounties to 171 researchers who reported valid vulnerabilities in the past year — and has announced the winners of its latest hacking contest. GitLab, which started out as a web-based Git repository manager before moving into the DevOps...
Streamlining and Automating Compliance
There are seemingly countless regulatory and industry frameworks out there that organizations have to navigate and comply with. SOX (Sarbanes-Oxley), PCI-DSS (Payment Card Industry Data Security Standard), GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability...
Trend Micro launches Trend Micro Cloud One™, a leading security services platform for cloud builders
Everything you need for cloud security. Today, Trend Micro is excited to announce the launch of Trend Micro Cloud One, our new security services platform for cloud builders. This powerful new platform will help our customers simplify their hybrid and multi-cloud security. Cloud One gives you the...
What DevOps trends to follow (and what to ignore)
Cut through the fluff and get to the heart of which DevOps trends are worth hitching your wagon or budget to in the coming years—and which should be marked with a hazard warning. From containers to chaos engineering, here are the DevOps trends to trash and the ones you'll want to go fanboy on. T...
Imperva RASP Now Supports .NET Core Apps for Security by Default
We at Imperva are proud to announce that we now support the .NET Core development platform, securing apps written in .NET Core with our industry-leading RASP solution. Support for .NET Core expands our market-leading, full-stack application security solution to apps at the heart of digital...
Introducing Serverless Computing at the Edge with Akamai EdgeWorkers
For the first time, Akamai is introducing an all-new serverless compute capability to help you customize web traffic, expanding the possibilities of personalized engagement with your customers while putting the flexibility and control in the hands of your developers. Developers can now manipulate...
The vulnerability of the software development tools Team Foundation Server and Azure DevOps Server lies in insufficient validation of input data, allowing a hacker to execute arbitrary code.
The vulnerability of software development tools such as Team Foundation Server and Azure DevOps Server is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created file...
The vulnerability of the Team Foundation Server and Azure DevOps Server software development tools lies in the lack of protective measures for the website structure, allowing attackers to execute cross-site scripting attacks.
The vulnerability of the Team Foundation Server and Azure DevOps Server software development tools is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform a cross-site scripting attack remotely...