Lucene search
+L

32 matches found

OSV
OSV
added 2024/03/14 9:17 p.m.15 views

GHSA-PWX5-6WXG-PX5H Insecure Variable Substitution in Vela

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

7.7CVSS7.1AI score0.00716EPSS
Exploits0References4
Prion
Prion
added 2024/03/12 9:15 p.m.26 views

Input validation

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

4CVSS7.8AI score0.00716EPSS
Exploits0References2
OSV
OSV
added 2024/03/12 8:41 p.m.32 views

CVE-2024-28236 Insecure Variable Substitution in Vela

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

7.7CVSS7.5AI score0.00716EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2023/06/30 5:44 a.m.71 views

MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?

MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency CISA said. "An attacker can often exploit these vulnerabilities to tak...

8.1AI score
Exploits0
Snyk
Snyk
added 2023/06/06 8:20 a.m.7 views

Malicious Package

Overview gfg-cicd-scripts is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8CVSS7.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/25 9:53 p.m.2 views

Malicious code in here-cicd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 059fbaf9e8d2884ea6f7da702a10a4a50c105caa8c10f415fa653ba600db6b17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:25 p.m.4 views

Malicious code in aws-simple-cicd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a27cc2b92403fa555f199694756a21013cafbd1bed8513bca1d856ecfa3fc286 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:25 p.m.7 views

MAL-2022-1202 Malicious code in aws-simple-cicd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a27cc2b92403fa555f199694756a21013cafbd1bed8513bca1d856ecfa3fc286 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:21 p.m.2 views

Malicious code in servicenow_cicd_azuredevops (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98a23171679bfa9a049d94bfb3237b0fec15acf590f8517b59255ef1285829c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2021/03/12 3:8 p.m.5 views

sn-cicd (>=4.6.12 <=4.6.17) potentially affected by CVE-2021-23372 via mongo-express (=1.0.0-alpha.1)

mongo-express NPM version =1.0.0-alpha.1 is affected by a known vulnerability. The following packages have a transitive dependency on mongo-express and may be impacted: - sn-cicd =4.6.12, =4.6.17 Source cves: CVE-2021-23372 Source advisory: SNYK:JS-MONGOEXPRESS-1085403...

7.5CVSS7.1AI score0.00878EPSS
Exploits0
Kitploit
Kitploit
added 2018/05/03 12:38 p.m.28 views

Astra - Automated Security Testing For REST API's

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

8.2AI score
Exploits0References1
n0where
n0where
added 2018/04/09 1:57 a.m.24 views

REST API Penetration Testing: Astra

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

0.2AI score
Exploits0References1
Rows per page
Query Builder