1393 matches found
CVE-2023-25722
A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...
Code injection
A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...
PT-2023-20274 · Veracode · Veracode Azure Devops Extension +2
Name of the Vulnerable Software and Affected Versions: Veracode Scan Jenkins Plugin versions prior to 23.3.19.0 Veracode Azure DevOps Extension versions prior to 3.20.0 Description: A credential-leak issue was discovered in related Veracode products. The Veracode Scan Jenkins Plugin, when...
CVE-2023-25722
A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...
CVE-2023-25722
Summary of concrete details (CVE-2023-25722) Multiple connected sources document a credential-leak vulnerability in Veracode integrations. The affected components include: Veracode Scan Jenkins Plugin prior to 23.3.19.0 when configured for remote agent jobs (and when using proxy with credentials)...
The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP)
With digital transformation in the face of macroeconomic pressures, strategies to optimize both cloud environments and cloud security are increasingly appealing to enterprises. Organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to...
The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP)
With digital transformation in the face of macroeconomic pressures, strategies to optimize both cloud environments and cloud security are increasingly appealing to enterprises. Organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to...
LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged...
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults
LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home compute...
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults
LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home compute...
Common Cloud Configuration Errors & Fixes
Cloud configuration errors are a major concern for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve them...
The vulnerability of Azure DevOps Server lies in insufficient input validation, which allows attackers to execute arbitrary code.
The vulnerability of Azure DevOps Server is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created file...
Microsoft Team Foundation Server and Azure DevOps Server 2020 RCE
The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by a remote code execution vulnerability. Note all systems require a manual process of applying new resource group tasks. Nessus is unable to detect the state of the tasks at this...
The vulnerability of the Azure DevOps Server software, related to improper code generation management, allows a attacker to execute arbitrary code.
The vulnerability of Azure DevOps Server lies in improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
CVE-2023-21553
Azure DevOps Server Remote Code Execution Vulnerability...
CVE-2023-21553
Azure DevOps Server Remote Code Execution Vulnerability...
CVE-2023-21553
Azure DevOps Server Remote Code Execution Vulnerability...
Remote code execution
Azure DevOps Server Remote Code Execution Vulnerability...
CVE-2023-21564
Azure DevOps Server Cross-Site Scripting Vulnerability...
CVE-2023-21564
Azure DevOps Server Cross-Site Scripting Vulnerability...