
1382 matches found

OSV
added 2019/12/17 3:15 p.m. · 15 views

CVE-2019-16573

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8 CVSS · 6.4 AI score
Exploits 0 · References 2
Prion
added 2019/12/17 3:15 p.m. · 13 views

Design/Logic Flaw

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4 CVSS · 6.3 AI score · 0.00852 EPSS
Exploits 0 · References 2 · Affected Software 1
Prion
added 2019/12/17 3:15 p.m. · 16 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8 CVSS · 8.5 AI score · 0.00691 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2019/12/17 2:40 p.m. · 34 views

CVE-2019-16574

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.3 AI score · 0.00852 EPSS
Exploits 0 · References 2
CVE
added 2019/12/17 2:40 p.m. · 72 views

CVE-2019-16574

CVE-2019-16574 affects the Jenkins Alauda DevOps Pipeline Plugin up to version 2.3.2. The root cause is a missing permission check that allows attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs, thereby potentially capturing credentials st...

6.5 CVSS · 6.2 AI score · 0.00852 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2019/12/17 2:40 p.m. · 64 views

CVE-2019-16573

The CVE-2019-16573 entry concerns a cross-site request forgery in the Jenkins Alauda DevOps Pipeline Plugin (version 2.3.2 and earlier). The vulnerability permits an attacker to cause the Jenkins instance to connect to an attacker‑specified URL using attacker‑specified credentials IDs, which can ...

8.8 CVSS · 8.5 AI score · 0.00691 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2019/12/17 2:40 p.m. · 21 views

CVE-2019-16573

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.7 AI score · 0.00691 EPSS
Exploits 0 · References 2
GitLab Advisory Database
added 2019/12/17 12:0 a.m. · 28 views

Insufficiently Protected Credentials

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5 CVSS · 4.6 AI score · 0.00852 EPSS
Exploits 0 · References 2 · Affected Software 1
GitLab Advisory Database
added 2019/12/17 12:0 a.m. · 19 views

Cross-Site Request Forgery (CSRF)

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8 CVSS · 4.6 AI score · 0.00691 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2019/12/17 12:0 a.m. · 6 views

PT-2019-14729 · Jenkins · Jenkins Alauda Devops Pipeline Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Alauda DevOps Pipeline Plugin versions 2.3.2 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

6.5 CVSS · 6.2 AI score · 0.00852 EPSS
Exploits 0 · References 5
Positive Technologies
added 2019/12/17 12:0 a.m. · 4 views

PT-2019-14728 · Jenkins · Jenkins Alauda Devops Pipeline Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Alauda DevOps Pipeline Plugin versions 2.3.2 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...

8.8 CVSS · 8.5 AI score · 0.00691 EPSS
Exploits 0 · References 5
Kitploit
added 2019/12/14 11:30 a.m. · 235 views

CyberRange - The Open-Source AWS Cyber Range

This CyberRange project represents the first open-source Cyber Range blueprint in the world. This project provides a bootstrap framework for a complete offensive, defensive, reverse engineering, & security intelligence tooling in a private research lab using the AWS Cloud. This project contains...

7.5 AI score
Exploits 0 · References 5
ThreatPost
added 2019/12/13 9:45 p.m. · 81 views

GitLab Doles Out Half a Million Bucks to White Hats

GitLab has awarded a total of $565,650 in security bug bounties to 171 researchers who reported valid vulnerabilities in the past year — and has announced the winners of its latest hacking contest. GitLab, which started out as a web-based Git repository manager before moving into the DevOps...

8.2 AI score
Exploits 0 · References 11
Qualys Blog
added 2019/12/03 9:2 p.m. · 30 views

Streamlining and Automating Compliance

There are seemingly countless regulatory and industry frameworks out there that organizations have to navigate and comply with. SOX Sarbanes-Oxley, PCI-DSS Payment Card Industry Data Security Standard, GDPR General Data Protection Regulation, HIPAA Health Insurance Portability and Accountability...

0.1 AI score
Exploits 0
Trend Micro Simply Security
added 2019/11/18 3:45 p.m. · 57 views

Trend Micro launches Trend Micro Cloud One™, a leading security services platform for cloud builders

Everything you need for cloud security Today, Trend Micro is excited to announce the launch of Trend Micro Cloud One, our new security services platform for cloud builders. This powerful new platform will help our customers simplify their hybrid and multi-cloud security. Cloud One gives you the...

7.4 AI score
Exploits 0
Wallarm Lab
added 2019/10/25 1:41 a.m. · 55 views

What DevOps trends to follow (and what to ignore)

Cut through the fluff and get to the heart of which DevOps trends are worth hitching your wagon or budget to in the coming years—and which should be marked with a hazard warning. From containers to chaos engineering, here are the DevOps trends to trash and the ones you'll want to go fanboy on." T...

1.8 AI score
Exploits 0
Imperva Blog
added 2019/10/24 4:33 p.m. · 49 views

Imperva RASP Now Supports .NET Core Apps for Security by Default

We at Imperva are proud to announce that we now support the .NET Core development platform, securing apps written in .NET Core with our industry-leading RASP solution. Support for .NET Core expands our market-leading, full-stack application security solution to apps at the heart of digital...

7.4 AI score
Exploits 0
Akamai Blog
added 2019/10/11 8:0 p.m. · 128 views

Introducing Serverless Computing at the Edge with Akamai EdgeWorkers

For the first time, Akamai is introducing an all-new serverless compute capability to help you customize web traffic, expanding the possibilities of personalized engagement with your customers while putting the flexibility and control in the hands of your developers. Developers can now manipulate...

0.1 AI score
Exploits 0
BDU FSTEC
added 2019/10/01 12:0 a.m. · 7 views

The vulnerability of the software development tools Team Foundation Server and Azure DevOps Server lies in insufficient validation of input data, allowing a hacker to execute arbitrary code.

The vulnerability of software development tools such as Team Foundation Server and Azure DevOps Server is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created file...

10 CVSS · 6 AI score · 0.15913 EPSS
Exploits 1 · References 2 · Affected Software 1
BDU FSTEC
added 2019/10/01 12:0 a.m. · 7 views

The vulnerability of the Team Foundation Server and Azure DevOps Server software development tools lies in the lack of protective measures for the website structure, allowing attackers to execute cross-site scripting attacks.

The vulnerability of the Team Foundation Server and Azure DevOps Server software development tools is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform a cross-site scripting attack remotely...

5.5 CVSS · 5.1 AI score · 0.01432 EPSS
Exploits 0 · References 2 · Affected Software 1