Lucene search
+L

25 matches found

Tenable Nessus
Tenable Nessus
added 2022/02/15 12:0 a.m.11 views

CircleCI Configuration Detected

CircleCI is a continuous integration service available as a Software as a Service SaaS based application or as a private instance and which is used to build and test software projects. By defining a configuration file named .circleci/config.yml in their source code repositories, developers can...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2022/01/20 11:30 a.m.101 views

Dep-Scan - Fully Open-Source Security Audit For Project Dependencies Based On Known Vulnerabilities And Advisories. Supports Both Local Repos And Container Images. Integrates With Various CI Environments Such As Azure Pipelines, CircleCI, Google CloudBuild

dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities, advisories and license limitations. Both local repositories and container images are supported as input. The tool is ideal for CI environments with built-in build breaker logic. If you hav...

7.2AI score
Exploits0References12
Schneier on Security
Schneier on Security
added 2021/04/21 4:12 p.m.54 views

Backdoor Found in Codecov Bash Uploader

Developers have discovered a backdoor in the Codecov bash uploader. Its been there for four months. We dont know who put it there. Codecov said the breach allowed the attackers to export information stored in its users continuous integration CI environments. This information was then sent to a...

2.4AI score
Exploits0
Hacker One
Hacker One
added 2020/04/24 10:54 p.m.22 views

Shopify: CircleCI token in github repo allows for access to sensitive build information

While looking through some Shopify Github repos I came across the following CircleCI token: ca84774a88598f639b174d498c219163e04adbb2 in the js-buy-sdk repo. curl https://circleci.com/api/v1.1/me?circle-token=ca84774a88598f639b174d498c219163e04adbb2 returns information about the user which confirm...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2020/02/12 11:8 a.m.33 views

Nextcloud: nextcloud-snap CircleCI project has vulnerable configuration which can lead to exposing secrets

Summary: CircleCI allows projects to configure whether builds will run as a result of a pull request from a fork, and also whether these fork PRs have access to the secrets stored in the parent repo's CircleCI settings. When both settings are enabled, and the repo associated with the project allo...

6.7AI score
Exploits0
Rows per page
Query Builder