Pre-Auth Takeover of Build Pipelines in GoCD

GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption keys. id: CVE-2021-43287 info: name: Pre-Auth Takeover of Build Pipelines in GoCD author: dhiyaneshDk severity...

GoCD: Information Disclosure via Logback Configuration Injection in GoCD Agent

Summary The GoCD Agent's logging mechanism Logback allows for property substitution and custom configuration loading. By default, the config directory might not exist in the installation path. However, if an attacker creates this directory and places a specially crafted agent-launcher-logback.xml...

EUVD-2021-12790

Malware in sbrugna...

EUVD-2021-30230

Malicious code in bioql PyPI...

EUVD-2022-33577

Malicious code in bioql PyPI...

EUVD-2022-41796

Malicious code in bioql PyPI...

EUVD-2024-53112

Malicious code in bioql PyPI...

EUVD-2024-53111

Malicious code in bioql PyPI...

EUVD-2022-29619

Malicious code in bioql PyPI...

EUVD-2023-32296

Malicious code in bioql PyPI...

EUVD-2024-53110

Malicious code in bioql PyPI...

EUVD-2022-41798

Malicious code in bioql PyPI...

EUVD-2022-41797

Malicious code in bioql PyPI...

EUVD-2024-25939

Malicious code in bioql PyPI...

EUVD-2021-30233

Malicious code in bioql PyPI...

EUVD-2021-30232

Malicious code in bioql PyPI...

EUVD-2023-32295

Malicious code in bioql PyPI...

EUVD-2022-41799

Malicious code in bioql PyPI...

EUVD-2022-38836

Malicious code in bioql PyPI...

EUVD-2022-33578

Malicious code in bioql PyPI...