Lucene search
K

965 matches found

Qualys Blog
Qualys Blog
added 2019/09/16 6:31 p.m.69 views

Assess Vulnerabilities, Misconfigurations in CI/CD Pipeline

After the publication of Golden AMI Pipeline integration with Qualys, some Qualys customers reached out asking how to integrate Qualys Vulnerability Management scanning into other types of CI/CD Pipelines. To answer these questions, we've published the new guide, Assess Vulnerabilities and...

0.6AI score
Exploits0
OSV
OSV
added 2019/09/16 6:15 p.m.16 views

CVE-2019-15736

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack...

7.5CVSS6.5AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2019/09/16 6:15 p.m.20 views

CVE-2019-15736

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack...

7.5CVSS7.1AI score0.02035EPSS
Exploits0References2
Prion
Prion
added 2019/09/16 6:15 p.m.17 views

Design/Logic Flaw

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack...

5CVSS7.2AI score0.02035EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/09/16 5:2 p.m.24 views

CVE-2019-15736

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack...

7.6AI score0.02035EPSS
Exploits0References2
CVE
CVE
added 2019/09/16 5:2 p.m.131 views

CVE-2019-15736

CVE-2019-15736 affects GitLab Community and Enterprise Edition up to 12.2.1, where CI pipelines could be used to cause a denial of service. A fix was released in GitLab 12.2.3.

7.5CVSS7.1AI score0.02035EPSS
Exploits0References2Affected Software1
FreeBSD
FreeBSD
added 2019/08/29 12:0 a.m.34 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Kubernetes Integration Server-Side Request Forgery Server-Side Request Forgery in Jira Integration Improved Protection Against Credential Stuffing Attacks Markdown Clientside Resource Exhaustion Pipeline Status Disclosure Group Runner Authorization Issue CI Metrics Disclosure User...

9.8CVSS1AI score0.03073EPSS
Exploits3References1
Hacker One
Hacker One
added 2019/08/19 10:30 p.m.160 views

GitLab: Container scanning and Dependency scanning report leaked to unauthorized users

Hi GitLab Security team Summary GitLab makes the container scanning and dependency scanning information available as part of a JSON endpoint for merge requests. These reports are output of the CI job and should only be displayed if the visiting user has access to CI. However, right now GitLab...

9.3CVSS8.6AI score0.51298EPSS
Exploits24
CNVD
CNVD
added 2019/07/10 12:0 a.m.4 views

GitLab Information Disclosure Vulnerability (CNVD-2020-22022)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Community and...

4.3CVSS6.4AI score0.00964EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2019/06/10 3:0 p.m.75 views

Countdown to Black Hat: Top 10 Sessions to Attend — #1

Black Hat USA 2019 offers a packed and impressive lineup of research briefings and hands-on training courses for the 19,000-plus security pros expected to attend this year’s event. The training sessions provide both offensive and defensive skills that security pros can use to tackle critical...

6.8AI score
Exploits0
OSV
OSV
added 2019/05/29 4:29 p.m.13 views

CVE-2019-7549

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job informatio...

4.3CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2019/05/29 4:29 p.m.24 views

CVE-2019-7549

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job informatio...

4.3CVSS4.3AI score0.00958EPSS
Exploits0References2
Prion
Prion
added 2019/05/29 4:29 p.m.18 views

Authorization

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job informatio...

4CVSS4.3AI score0.00958EPSS
Exploits0References2Affected Software1
Qualys Blog
Qualys Blog
added 2019/02/12 3:46 p.m.171 views

RunC Container Breakout Vulnerability

Despite the huge advantages that containers offer in application portability, acceleration of CI/CD pipelines and agility of deployment environments, the biggest concern has always been about isolation. Since all the containers running on a host share the same underlying kernel, any malicious cod...

9.3CVSS0.2AI score0.9857EPSS
Exploits33
Kitploit
Kitploit
added 2019/01/28 12:45 p.m.184 views

Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool

The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running and configuring the scanner The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the...

7.6AI score
Exploits0References6
Qualys Blog
Qualys Blog
added 2019/01/09 5:0 p.m.148 views

Container Security Becomes a Priority for Enterprises

Among the IT innovations that businesses are using to digitally transform operations, containers might be the most disruptive and revolutionary. “They’re a real game changer,” Qualys Chief Product Officer Sumedh Thakar said at QSC 2018 in Las Vegas. DevOps teams have embraced containers because...

7.5CVSS0.2AI score0.86978EPSS
Exploits10
Hacker One
Hacker One
added 2018/11/18 3:13 a.m.27 views

GitLab: Exfiltrate and mutate repository and project data through injected templated service

The GitLab import feature contains a vulnerability that allows an attacker to import a project that creates a service template. Service templates can normally only be created by a GitLab instance Administrator. When a new project is created, service templates are automatically initialized for the...

0.6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2018/09/28 12:0 a.m.7 views

The vulnerability of the System.IO.Pipelines library in .NET Core and ASP.NET Core programming frameworks allows attackers to induce service interruptions.

The vulnerability of the System.IO.Pipelines library in .NET Core and ASP.NET Core applications is related to request processing errors. Exploiting this vulnerability allows an attacker to cause service failures through a specially crafted request...

7.5CVSS7.4AI score0.06558EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2018/09/13 12:29 a.m.26 views

CVE-2018-8409

A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1...

7.5CVSS6.5AI score0.06558EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/09/13 12:29 a.m.3 views

CVE-2018-8409

A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1...

7.5CVSS6.7AI score0.06558EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder