1393 matches found

Prion
added 2023/05/17 6:15 p.m. | 989 views

Cross site request forgery (csrf)

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impa...

CVSS 5 | AI score 5.1 | EPSS 0.0068
Exploits: 0 | References: 2 | Affected Software: 1

The Hacker News
added 2023/05/17 11:54 a.m. | 3 views

Identifying a Patch Management Solution: Overview of Key Criteria

Software is rarely a one-and-done proposition. In fact, any application available today will likely need to be updated – or patched – to fix bugs, address vulnerabilities, and update key features at multiple points in the future. With the typical enterprise relying on a multitude of applications,...

AI score 6.5
Exploits: 0

The Hacker News
added 2023/05/09 12:54 p.m. | 14 views

Product Security: Harnessing the Collective Experience and Collaborative Tools in DevSecOps

In the fast-paced cybersecurity landscape, product security takes center stage. DevSecOps swoops in, seamlessly merging security practices into DevOps, empowering teams to tackle challenges. Let's dive into DevSecOps and explore how collaboration can give your team the edge to fight cyber villain...

AI score 6.4
Exploits: 0

OSSF Malicious Packages
added 2023/05/04 2:36 p.m. | 4 views

Malicious code in eu.tsystems.mms.tic.testerra.plugins.azuredevops.tests (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3ba3635b5a021d627f0f232cf46f53846cc953c75659700eae5ee919ebfca455 The OpenSSF Package Analysis project identified 'eu.tsystems.mms.tic.testerra.plugins.azuredevops.tests' @ 1.0.0 npm as malicious. It is...

AI score 6.9
Exploits: 0

Imperva Blog
added 2023/04/25 1:4 p.m. | 26 views

Imperva Unveils Latest API Security Enhancements

Imperva is continuing to evolve its API Security offering to help customers better protect their APIs, wherever they are, and to meet changing market requirements. Since launching API Security in March 2022, we continued investing in our API Security offering with the goal of simplifying the...

AI score 7.2
Exploits: 0

The Hacker News
added 2023/04/17 1:32 p.m. | 17 views

What's the Difference Between CSPM & SSPM?

Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are used interchangeably, this confusion...

AI score 6.2
Exploits: 0

Tenable Nessus
added 2023/04/13 12:0 a.m. | 24 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e....

CVSS 8.8 | AI score 5.9 | EPSS 0.0078
Exploits: 0 | References: 21

OSV
added 2023/04/12 6:30 p.m. | 19 views

GHSA-V5HQ-CQQR-6W4G Jenkins Kubernetes Plugin does not properly mask credentials

Multiple Jenkins plugins do not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent (typically inside a node block). -...

CVSS 4.3 | AI score 7.5 | EPSS 0.00491
Exploits: 0 | References: 3

OSV
added 2023/04/12 6:30 p.m. | 21 views

GHSA-F244-F9FC-W6FQ Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials

Multiple Jenkins plugins do not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent (typically inside a node block). -...

CVSS 4.3 | AI score 7.5 | EPSS 0.00399
Exploits: 0 | References: 3

Github Security Blog
added 2023/04/12 6:30 p.m. | 30 views

Jenkins Azure Key Vault Plugin does not properly mask credentials

Multiple Jenkins plugins do not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent (typically inside a node block). -...

CVSS 7.5 | AI score 7.5 | EPSS 0.00491
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2023/04/12 6:30 p.m. | 35 views

Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials

Multiple Jenkins plugins do not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent (typically inside a node block). -...

CVSS 7.5 | AI score 7.5 | EPSS 0.00491
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2023/04/12 6:15 p.m. | 12 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

CVSS 7.5 | AI score 7.6 | EPSS 0.00399
Exploits: 0 | References: 2

OSV
added 2023/04/12 6:15 p.m. | 6 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

CVSS 7.5 | AI score 7.1 | EPSS 0.00399
Exploits: 0 | References: 2

Prion
added 2023/04/12 6:15 p.m. | 19 views

Design/Logic Flaw

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

CVSS 5 | AI score 7.5 | EPSS 0.00399
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/04/12 5:5 p.m. | 17 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

AI score 7.7 | EPSS 0.00399
Exploits: 0 | References: 2

Vulnrichment
added 2023/04/12 5:5 p.m. | 9 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

AI score 7.1 | EPSS 0.00399
Exploits: 0 | References: 2

CVE
added 2023/04/12 5:5 p.m. | 55 views

CVE-2023-30515

CVE-2023-30515 affects Jenkins Thycotic DevOps Secrets Vault Plugin, 1.0.0 and earlier, where credentials are not properly masked in build logs when push mode for durable task logging is enabled. The available documents confirm this vulnerability exists in the Thycotic plugin (CVE-2023-30515) and...

CVSS 7.5 | AI score 7.4 | EPSS 0.00399
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2023/04/12 12:0 a.m. | 5 views

Jenkins Plugin Thycotic DevOps Secrets Vault Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 7.5 | AI score 7.3 | EPSS 0.00399
Exploits: 0 | References: 4

Microsoft Malware Protection
added 2023/04/06 5:0 p.m. | 32 views

DevOps threat matrix

The use of DevOps practices, which enable organizations to deliver software more quickly and efficiently, has been on the rise. This agile approach minimizes the time-to-market of new features and bug fixes. More and more companies are implementing DevOps services, each with its own infrastructur...

AI score 8.3
Exploits: 0

Microsoft Secure
added 2023/04/06 5:0 p.m. | 23 views

DevOps threat matrix

The use of DevOps practices, which enable organizations to deliver software more quickly and efficiently, has been on the rise. This agile approach minimizes the time-to-market of new features and bug fixes. More and more companies are implementing DevOps services, each with its own infrastructur...

AI score 8.3
Exploits: 0