1095 matches found
CVE-2024-45296 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, thingsboard, opensearch-dashboards, argo-workflows, vitess, grafana-fips, kubeflow-centraldashboard, kubeflow-pipelines, grafana-11.0, kibana, grafana, sqlpad...
GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterpart...
Future-Proofing Legacy Media Workflows with Akamai Object Storage
...
GHSA-4VVJ-4CPR-P986 vulnerabilities
Vulnerabilities for packages: argo-workflows...
GHSA-4VVJ-4CPR-P986 vulnerabilities
Vulnerabilities for packages: grafana-fips, grafana-11.0, grafana, argo-workflows...
CVE-2024-43788 vulnerabilities
Vulnerabilities for packages: argo-workflows...
CVE-2024-43788 vulnerabilities
Vulnerabilities for packages: grafana-fips, grafana-11.0, grafana, argo-workflows...
GO-2022-0405 Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client` in github.com/argoproj/argo-workflows
Potential privilege escalation on Kubernetes = v1.19 when the Argo Sever is run with --auth-mode=client in github.com/argoproj/argo-workflows...
GO-2022-0388 Argo Server TLS requests could be forged by attacker with network access in github.com/argoproj/argo-workflows
Argo Server TLS requests could be forged by attacker with network access in github.com/argoproj/argo-workflows...
CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters
fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input specifically the command separator ; and command substitution characters and mean that arbitrary command injection is possible by modification of the input...
Code Injection
Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...
Code Injection
Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...
How to Set up an Automated SMS Analysis Service with AI in Tines
The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization's security posture is by building an automated SMS analysis service. Workflow automation platform Tines provides a good example of how to do it...
CVE-2024-41121
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
CVE-2024-41122
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...
Woodpecker's custom environment variables allow to alter execution flow of plugins
Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...
GHSA-3WF2-2PQ4-4RVC Woodpecker's custom environment variables allow to alter execution flow of plugins
Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...
CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...