1393 matches found
CVE-2021-27067 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
...
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
...
Azure DevOps Server Spoofing Vulnerability
...
Microsoft Azure DevOps Server Information Disclosure Vulnerability
Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as code sharing, work tracking, and software distribution. An information disclosure vulnerability exists in Azure DevOps Server and Team...
HTTPS over HTTP: A Supply Chain Attack on Azure DevOps Server 2020
We provide the technical details of a supply chain attack on an improperly configured Azure DevOps Server 2020, specifically in the continuous integration and continuous delivery (CI/CD) Pipeline Agent communicating without TLS...
PT-2021-2707 · Microsoft · Team Foundation Server +1
Name of the Vulnerable Software and Affected Versions: Azure DevOps Server and Team Foundation Server (affected versions not specified). Description: The issue is related to errors in handling objects in memory within the Team Foundation Services component of Azure DevOps Server. This can allow a...
Microsoft Azure DevOps Server Cross-Site Scripting Vulnerability
Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as code sharing, work tracking, and software distribution. A cross-site scripting vulnerability exists in Microsoft Azure DevOps Server. The...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Remote code execution; User privileges; Impersonating another user; Access to sensitive data; Increased use...
PT-2021-2727 · Microsoft · Azure Devops Server
Name of the Vulnerable Software and Affected Versions: Azure DevOps Server (affected versions not specified). Description: The issue is related to the failure to protect the web page structure, which can lead to cross-site scripting attacks. A remote attacker can exploit this to conduct such attacks...
Security Isn’t a Four-Letter Word: How Infrastructure as Code (IaC) Amplifies DevOps Through the Inclusion of Security
Our fast-paced lives are fueled by innovative, cloud-native companies. We are able to watch our favorite programs and movies from anywhere in the world on any device. We are able to collaborate with our colleagues on an upcoming presentation, regardless of whether we’re in the office or at home...
DevOps Teams Can Prove ISO Compliance with Automation
Learn the ISO standards for security and cloud compliance as well as the automated mechanisms to ensure those standards...
AppSec Bites: Implementing DevOps? What Security Teams Need to Know. (Part 4)
DevOps practices can be difficult to implement for any business. While the overall goal is to streamline the business and join the development and operations sides of things together, the first step needs to be a strong relationship between DevOps and security teams; otherwise things will typicall...
How to Keep Up With Vulnerability Management Challenges in Ephemeral Cloud Environments
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in participating in the next summit on March 9? Register here! The modern perspective is that the cloud has made it much easier to have visibility of your attack surface and...
Kubestriker - A Blazing Fast Security Auditing Tool For Kubernetes
Kubestriker performs numerous in-depth checks on Kubernetes infra to identify the security misconfigurations and challenges that DevOps engineers/developers are likely to encounter when using Kubernetes, especially in production and at scale. Kubestriker is platform-agnostic and works equally wel...
Anatomy of a Security Super Bowl Dynasty, Part 1: The Defense
Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security Super Bowl Dynasty. In this presentation, they used examples of how teams create consistent, sustainable success in American...
Edge Redirector Cloudlet Gets Faster
Written by Maksym Novoseltsev - Senior Software Engineer, and Jeffrey Costa - Senior Product Manager, Web Performance. Cloudlets Policy Manager often takes a long time to load, which is a by-product of its original design where every policy activation is an individual file. These files must be...
Rapid7 Acquires Leading Kubernetes Security Provider, Alcide
Organizations around the globe continue to embrace the flexibility, speed, and agility of the cloud. Those that have adopted it are able to accelerate innovation and deliver real value to their customers faster than ever before. However, while the cloud can bring a tremendous amount of benefits t...
Finding Results at the Intersection of Security and Engineering
As vice president and head of global security at ActiveCampaign, I’m fortunate to be able to draw on a multitude of experiences and successes in my career. I started in general network security, where I was involved in pen testing and security research. I worked at several multibillion-dollar Saa...
Theonedev Onedev Information Disclosure Vulnerability
Theonedev Onedev is a Java-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev Onedev versions prior to...
Theonedev Onedev Injection Vulnerability (CNVD-2021-06530)
Theonedev Onedev is a Java-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. OneDev versions prior to 4.0.3 hav...