
1393 matches found

OSV
added 2023/03/28 8:15 p.m. · 6 views

CVE-2023-25722

A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...

5.5 CVSS · 6.1 AI score · 0.00206 EPSS
Exploits 0 · References 2
Prion
added 2023/03/28 8:15 p.m. · 13 views

Code injection

A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...

1.7 CVSS · 5.5 AI score · 0.00206 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/03/28 12:00 a.m. · 7 views

PT-2023-20274 · Veracode · Veracode Azure Devops Extension +2

Name of the Vulnerable Software and Affected Versions: Veracode Scan Jenkins Plugin versions prior to 23.3.19.0 Veracode Azure DevOps Extension versions prior to 3.20.0 Description: A credential-leak issue was discovered in related Veracode products. The Veracode Scan Jenkins Plugin, when...

5.5 CVSS · 5.3 AI score · 0.00206 EPSS
Exploits 0 · References 7
Cvelist
added 2023/03/28 12:00 a.m. · 15 views

CVE-2023-25722

A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...

5.8 AI score · 0.00206 EPSS
Exploits 0 · References 2
CVE
added 2023/03/28 12:00 a.m. · 81 views

CVE-2023-25722

Summary of concrete details (CVE-2023-25722) Multiple connected sources document a credential-leak vulnerability in Veracode integrations. The affected components include: Veracode Scan Jenkins Plugin prior to 23.3.19.0 when configured for remote agent jobs (and when using proxy with credentials)...

5.5 CVSS · 5.4 AI score · 0.00206 EPSS
Exploits 0 · References 2 · Affected Software 1
Microsoft Malware Protection
added 2023/03/22 5:00 p.m. · 17 views

The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP)

With digital transformation in the face of macroeconomic pressures, strategies to optimize both cloud environments and cloud security are increasingly appealing to enterprises. Organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to...

7.1 AI score
Exploits 0
Microsoft Secure
added 2023/03/22 5:00 p.m. · 26 views

The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP)

With digital transformation in the face of macroeconomic pressures, strategies to optimize both cloud environments and cloud security are increasingly appealing to enterprises. Organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to...

7.1 AI score
Exploits 0
The Hacker News
added 2023/03/07 6:21 a.m. · 95 views

LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged...

7.2 CVSS · 1.7 AI score · 0.72936 EPSS
Exploits 4
The Hacker News
added 2023/02/28 6:16 a.m. · 36 views

LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home compute...

0.3 AI score
Exploits 0
The Hacker News
added 2023/02/28 6:16 a.m. · 2 views

LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home compute...

7.8 AI score
Exploits 0
Trend Micro Simply Security
added 2023/02/21 12:00 a.m. · 8 views

Common Cloud Configuration Errors & Fixes

Cloud configuration errors are a major concern for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve them...

4.6 AI score
Exploits 0
BDU FSTEC
added 2023/02/21 12:00 a.m. · 7 views

The vulnerability of Azure DevOps Server lies in insufficient input validation, which allows attackers to execute arbitrary code.

The vulnerability of Azure DevOps Server is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created file...

7.5 CVSS · 7.7 AI score · 0.01408 EPSS
Exploits 0 · References 3 · Affected Software 1
Tenable Nessus
added 2023/02/17 12:00 a.m. · 94 views

Microsoft Team Foundation Server and Azure DevOps Server 2020 RCE

The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by a remote code execution vulnerability. Note all systems require a manual process of applying new resource group tasks. Nessus is unable to detect the state of the tasks at this...

7.5 CVSS · 8.6 AI score · 0.01408 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2023/02/17 12:00 a.m. · 6 views

The vulnerability of the Azure DevOps Server software, related to improper code generation management, allows an attacker to execute arbitrary code.

The vulnerability of Azure DevOps Server lies in improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

7.5 CVSS · 7.6 AI score · 0.00887 EPSS
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2023/02/14 9:15 p.m. · 6 views

CVE-2023-21553

Azure DevOps Server Remote Code Execution Vulnerability...

7.5 CVSS · 7.2 AI score · 0.01408 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/02/14 9:15 p.m. · 5 views

CVE-2023-21553

Azure DevOps Server Remote Code Execution Vulnerability...

7.5 CVSS · 7.3 AI score · 0.01408 EPSS
Exploits 0 · References 1
NVD
added 2023/02/14 9:15 p.m. · 26 views

CVE-2023-21553

Azure DevOps Server Remote Code Execution Vulnerability...

7.5 CVSS · 7.8 AI score · 0.01408 EPSS
Exploits 0 · References 1
Prion
added 2023/02/14 9:15 p.m. · 34 views

Remote code execution

Azure DevOps Server Remote Code Execution Vulnerability...

4.6 CVSS · 7.9 AI score · 0.01408 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2023/02/14 8:15 p.m. · 22 views

CVE-2023-21564

Azure DevOps Server Cross-Site Scripting Vulnerability...

7.1 CVSS · 6.7 AI score · 0.00887 EPSS
Exploits 0 · References 1
OSV
added 2023/02/14 8:15 p.m. · 3 views

CVE-2023-21564

Azure DevOps Server Cross-Site Scripting Vulnerability...

7.1 CVSS · 7.1 AI score · 0.00887 EPSS
Exploits 0 · References 1