Lucene search
K

1393 matches found

Rapid7 Blog
Rapid7 Blog
added 2021/05/07 6:5 p.m.38 views

The Evolution of DevOps in 2021

DevOps has long been a key tool in helping organizations reliably and rapidly deliver systems into production. While in the past, IT and software development teams suffered from lengthy processes and struggled to resolve incompatible priorities, now DevOps allows for easier collaboration, as well...

7.1AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/05/06 12:0 a.m.9 views

Shift Left: Moving Container Security into the Dev, Test, and Build Process

Learn how you can use a DevOps methodology that optimizes application deployments and provides greater security for containers. This article explains how to move security into the container creation process in the DevOps workflow...

3.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/05/04 11:41 a.m.42 views

Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications

Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...

0.6AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/05/03 8:28 p.m.43 views

Securing Kubernetes Deployments From Runway to Takeoff

Kubernetes use is rising rapidly—according to a 2019 Cloud Native Computing Foundation CNCF survey, 78% of respondents say they use Kubernetes today 58% more respondents than the previous year. With numbers like those, it looks like everyone is headed toward the cloud. But as with any journey, yo...

Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/04/27 12:0 a.m.7 views

DevOps Teams can learn from Clubhouse compliance woes

As Clubhouse continues to launch new features and gain popularity, protecting sensitive data and adhering to compliance should be on everyone’s mind...

2.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/04/27 12:0 a.m.3 views

The vulnerability of the Team Foundation Services component of the Azure DevOps Server development tool allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Team Foundation Services component of the Azure DevOps Server development tool is related to errors in memory object handling. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information...

6.8CVSS6.5AI score0.02645EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/04/27 12:0 a.m.4 views

The vulnerability of the Azure DevOps Server software development tools, related to the lack of protective measures for website structures, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Azure DevOps Server software development tools is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.4CVSS6.3AI score0.02317EPSS
Exploits3References5Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2021/04/21 1:19 p.m.49 views

The Future is Friction-Free: Drive Innovation With DevOps + Security

Going from a centralized security group that dictates a “command and control” approach to cloud security toward a model of “trust but verify,” is at the core of the modern shift toward security-practice democratization. Organizational practices behind legacy, centralized data centers are being...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/04/16 12:0 a.m.119 views

Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (April 2021)

The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by multiple vulnerabilities. An attacker can exploit these to either perform actions with the privileges of another user or disclose sensitive information. Note all systems require...

6.5CVSS6.8AI score0.02645EPSS
Exploits3References3
0day.today
0day.today
added 2021/04/14 12:0 a.m.96 views

Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting Vulnerability

Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the HordeTextFilter library. ======================================================================= title: Reflected cross-site scripting product: Microsoft Azure DevOps Server vulnerab...

6.1CVSS0.2AI score0.02317EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/04/14 12:0 a.m.683 views

Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected cross-site scripting product: Microsoft Azure DevOps Server vulnerable version: 2020.0.1 fixed version: 2020.0.1 Patch 2 CVE number: CVE-2021-28459 impact: medi...

6.6AI score0.02317EPSS
Exploits3
OSV
OSV
added 2021/04/13 8:15 p.m.3 views

CVE-2021-28459

Azure DevOps Server Spoofing Vulnerability...

6.1CVSS6.8AI score0.02317EPSS
Exploits3References3
NVD
NVD
added 2021/04/13 8:15 p.m.46 views

CVE-2021-28459

Azure DevOps Server Spoofing Vulnerability...

6.1CVSS0.02317EPSS
Exploits3References3
NVD
NVD
added 2021/04/13 8:15 p.m.20 views

CVE-2021-27067

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability...

6.5CVSS0.02645EPSS
Exploits0References1
OSV
OSV
added 2021/04/13 8:15 p.m.6 views

CVE-2021-27067

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability...

6.5CVSS6.6AI score0.02645EPSS
Exploits0References1
Prion
Prion
added 2021/04/13 8:15 p.m.23 views

Information disclosure

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability...

4CVSS6.3AI score0.02645EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2021/04/13 8:15 p.m.21 views

Spoofing

Azure DevOps Server Spoofing Vulnerability...

4.3CVSS6.2AI score0.02317EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2021/04/13 7:33 p.m.45 views

CVE-2021-28459 Azure DevOps Server Spoofing Vulnerability

...

6.1CVSS6.7AI score0.02317EPSS
Exploits3References3
CVE
CVE
added 2021/04/13 7:33 p.m.140 views

CVE-2021-28459

CVE-2021-28459 affects Microsoft Azure DevOps Server on-premises (Azure DevOps Server 2020.0.1). Described as a cross-site scripting vulnerability (spoofing vulnerability) in the Azure DevOps Server component; publicly documented exploit discussion exists (e.g., SEC Consult entry). The fixed vers...

6.1CVSS6.4AI score0.02317EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2021/04/13 7:32 p.m.103 views

CVE-2021-27067

CVE-2021-27067 is an information-disclosure vulnerability in Azure DevOps Server and Team Foundation Server. According to PT-Security, the issue stems from memory-handling errors in the Team Foundation Services component, allowing a remote attacker to gain unauthorized access to protected informa...

6.5CVSS6.2AI score0.02645EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder