32 matches found
GHSA-PWX5-6WXG-PX5H Insecure Variable Substitution in Vela
Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...
Input validation
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...
CVE-2024-28236 Insecure Variable Substitution in Vela
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...
MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?
MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency CISA said. "An attacker can often exploit these vulnerabilities to tak...
Malicious Package
Overview gfg-cicd-scripts is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious code in here-cicd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 059fbaf9e8d2884ea6f7da702a10a4a50c105caa8c10f415fa653ba600db6b17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aws-simple-cicd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a27cc2b92403fa555f199694756a21013cafbd1bed8513bca1d856ecfa3fc286 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1202 Malicious code in aws-simple-cicd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a27cc2b92403fa555f199694756a21013cafbd1bed8513bca1d856ecfa3fc286 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in servicenow_cicd_azuredevops (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98a23171679bfa9a049d94bfb3237b0fec15acf590f8517b59255ef1285829c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
sn-cicd (>=4.6.12 <=4.6.17) potentially affected by CVE-2021-23372 via mongo-express (=1.0.0-alpha.1)
mongo-express NPM version =1.0.0-alpha.1 is affected by a known vulnerability. The following packages have a transitive dependency on mongo-express and may be impacted: - sn-cicd =4.6.12, =4.6.17 Source cves: CVE-2021-23372 Source advisory: SNYK:JS-MONGOEXPRESS-1085403...
Astra - Automated Security Testing For REST API's
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...
REST API Penetration Testing: Astra
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...