Gradle Information Disclosure Vulnerability
Gradle is a set of JVM-based project building tools from the US company Gradle, which supports Maven, Ivy repositories and more. An information disclosure vulnerability exists in Gradle versions prior to 2.4.2, which stems from the fact that data stored in the GitHub Actions cache can be read by...
Modernizing Vulnerability Management: The Move Toward Exposure Management
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effectiv...
Users can set up workflows using restricted and invisible system tags
None...
SUSE CVE-2023-26482
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
CVE-2023-26482
CVE-2023-26482 affects Nextcloud Server (24.x prior to 24.0.10 and 25.x prior to 25.0.4 in several sources). The issue is a missing scope validation for Workflow operations, allowing creation of workflows intended for admins to be usable by non-admin contexts and, in combination with certain apps...
CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-23550)
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored, etc. An information disclosure vulnerability exists in versions prior to Apache Airflow 2.5.2, which stems from the fact that...
Nextcloud: Users can set up workflows using restricted and invisible system tags
Vulnerability description not provided...
Qualys VMDR & Jira Integration Now Available
The increasing number of vulnerabilities poses a significant challenge for most organizations trying to effectively manage and mitigate Cyber risks. According to NVD, the number of vulnerabilities in 2022 increased by approximately 25% as compared to 2021. As we are in start of March the...
Enhanced policy management with GitOps and Terraform
Wiz announces new GitOps workflows and Terraform provider, enabling customers to manage policies as code...
End the compliance management blues
Coalfire teamed up with one of the world's leading security technology engineering firms, anecdotes, to expand Compliance Essentials capabilities - automating compliance workflows and risks, evidence collection, and audit execution. All within one platform...
CVE-2023-24029
In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...
You Don't Know Where Your Secrets Are
Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 9...
CVE-2022-46258
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...
Sipity SQL Injection Vulnerability
Sipity is an open source plugin-ready and extensible Rails application from Hesburgh Libraries of Notre Dame. It is used to model approval-based workflows. Sipity suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to perform a SQL injection attack...
PT-2022-11695 · Brave · Brave Ux
Name of the Vulnerable Software and Affected Versions: Brave UX for-the-badge affected versions not specified Description: A critical issue was found in Brave UX for-the-badge, affecting some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command...
Apache Airflow Input Validation Error Vulnerability (CNVD-2022-78860)
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow versions prior to 2.4.3 are vulnerable to an input validation error that stems from an open redirect in the...
Apache Airflow code injection vulnerability
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow has a code injection vulnerability that stems from the user input structure during the...
Description of the security update for SharePoint Foundation 2013: September 13, 2022 (KB5002267)
Description of the security update for SharePoint Foundation 2013: September 13, 2022 KB5002267 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint remote code execution vulnerability. To learn more about the...