1393 matches found
The Evolution of DevOps in 2021
DevOps has long been a key tool in helping organizations reliably and rapidly deliver systems into production. While in the past, IT and software development teams suffered from lengthy processes and struggled to resolve incompatible priorities, now DevOps allows for easier collaboration, as well...
Shift Left: Moving Container Security into the Dev, Test, and Build Process
Learn how you can use a DevOps methodology that optimizes application deployments and provides greater security for containers. This article explains how to move security into the container creation process in the DevOps workflow...
Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications
Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...
Securing Kubernetes Deployments From Runway to Takeoff
Kubernetes use is rising rapidly—according to a 2019 Cloud Native Computing Foundation CNCF survey, 78% of respondents say they use Kubernetes today 58% more respondents than the previous year. With numbers like those, it looks like everyone is headed toward the cloud. But as with any journey, yo...
DevOps Teams can learn from Clubhouse compliance woes
As Clubhouse continues to launch new features and gain popularity, protecting sensitive data and adhering to compliance should be on everyone’s mind...
The vulnerability of the Team Foundation Services component of the Azure DevOps Server development tool allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Team Foundation Services component of the Azure DevOps Server development tool is related to errors in memory object handling. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Azure DevOps Server software development tools, related to the lack of protective measures for website structures, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Azure DevOps Server software development tools is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The Future is Friction-Free: Drive Innovation With DevOps + Security
Going from a centralized security group that dictates a “command and control” approach to cloud security toward a model of “trust but verify,” is at the core of the modern shift toward security-practice democratization. Organizational practices behind legacy, centralized data centers are being...
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (April 2021)
The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by multiple vulnerabilities. An attacker can exploit these to either perform actions with the privileges of another user or disclose sensitive information. Note all systems require...
Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting Vulnerability
Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the HordeTextFilter library. ======================================================================= title: Reflected cross-site scripting product: Microsoft Azure DevOps Server vulnerab...
Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected cross-site scripting product: Microsoft Azure DevOps Server vulnerable version: 2020.0.1 fixed version: 2020.0.1 Patch 2 CVE number: CVE-2021-28459 impact: medi...
CVE-2021-28459
Azure DevOps Server Spoofing Vulnerability...
CVE-2021-28459
Azure DevOps Server Spoofing Vulnerability...
CVE-2021-27067
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability...
CVE-2021-27067
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability...
Information disclosure
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability...
Spoofing
Azure DevOps Server Spoofing Vulnerability...
CVE-2021-28459 Azure DevOps Server Spoofing Vulnerability
...
CVE-2021-28459
CVE-2021-28459 affects Microsoft Azure DevOps Server on-premises (Azure DevOps Server 2020.0.1). Described as a cross-site scripting vulnerability (spoofing vulnerability) in the Azure DevOps Server component; publicly documented exploit discussion exists (e.g., SEC Consult entry). The fixed vers...
CVE-2021-27067
CVE-2021-27067 is an information-disclosure vulnerability in Azure DevOps Server and Team Foundation Server. According to PT-Security, the issue stems from memory-handling errors in the Team Foundation Services component, allowing a remote attacker to gain unauthorized access to protected informa...