17 matches found
EUVD-2022-48205
Malicious code in bioql PyPI...
Malicious code in azure-pipelines (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3befea97b94282d8ce4388e647f5f86caea89c7727ce5f913eb233b357335d0f Any computer that has this package installed or running should be considered...
MAL-2025-5180 Malicious code in azure-pipelines (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3befea97b94282d8ce4388e647f5f86caea89c7727ce5f913eb233b357335d0f Any computer that has this package installed or running should be considered...
CVE-2022-45306
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder...
PurpleKeep - Providing Azure Pipelines To Create An Infrastructure And Run Atomic Tests
With the rapidly increasing variety of attack techniques and a simultaneous rise in the number of detection rules offered by EDRs Endpoint Detection and Response and custom-created ones, the need for constant functional testing of detection rules has become evident. However, manually re-running...
Security Updates for Azure Pipelines Agent (November 2023)
The Microsoft Azure Pipelines Agent running on the remote host is prior to 2.217.2. It is, therefore affected by a remote code execution vulnerability due to an integer overflow in the embedded mingit component. Note that Nessus has not tested for this issue but has instead relied only on the...
Chocolatey Azure Pipelines Agent Privilege Design Vulnerability
Chocolatey can handle various types of installation packages.Azure Pipelines Agent Also known as Azure Pipelines Agent, it is mainly used to generate code or deploy software in the Devops process. A privilege design vulnerability exists in the Chocolatey Azure Pipelines Agent package v2.211.1 and...
CVE-2022-45306
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder...
CVE-2022-45306
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder...
CVE-2022-45306
CVE-2022-45306 affects Chocolatey Azure-Pipelines-Agent package versions 2.211.1 and earlier. The vulnerability is insecure permissions: all users in the Authenticated Users group have write privileges to the subfolder C:\agent and all files within. This is documented across multiple sources (Red...
Chocolatey Azure-Pipelines-Agent 安全漏洞
Chocolatey can handle various types of installation packages.Azure Pipelines Agent Also known as Azure Pipelines Agent, it is mainly used to generate code or deploy software in the Devops process. A privilege design vulnerability exists in the Chocolatey Azure Pipelines Agent package v2.211.1 and...
PT-2022-27464 · Microsoft · Chocolatey Azure-Pipelines-Agent
Name of the Vulnerable Software and Affected Versions: Chocolatey Azure-Pipelines-Agent versions 2.211.1 and below Description: The issue is related to insecure permissions in the Chocolatey Azure-Pipelines-Agent package, which grants all users in the Authenticated Users group write privileges fo...
Malicious code in snyk-azure-pipelines-task (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1415763e729b09889f3cb0714d88b936b6c14f499ccbdd82f5697fe861fcc1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6194 Malicious code in snyk-azure-pipelines-task (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1415763e729b09889f3cb0714d88b936b6c14f499ccbdd82f5697fe861fcc1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in azure-pipelines-dependency-track (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d8de0a03478a809b8f29b605fa046f7b89e682904f1dbfb3321aa9e64df94f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1362 Malicious code in azure-pipelines-dependency-track (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d8de0a03478a809b8f29b605fa046f7b89e682904f1dbfb3321aa9e64df94f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Dep-Scan - Fully Open-Source Security Audit For Project Dependencies Based On Known Vulnerabilities And Advisories. Supports Both Local Repos And Container Images. Integrates With Various CI Environments Such As Azure Pipelines, CircleCI, Google CloudBuild
dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities, advisories and license limitations. Both local repositories and container images are supported as input. The tool is ideal for CI environments with built-in build breaker logic. If you hav...