743 matches found
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from the fact that under...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab suffers from a security vulnerability that stems from the potential for...
CI/CD Risks: Protecting Your Software Development Pipelines
Have you heard about Dependabot? If not, just ask any developer around you, and they'll likely rave about how it has revolutionized the tedious task of checking and updating outdated dependencies in software projects. Dependabot not only takes care of the checks for you, but also provides...
Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI
Summary The Microsoft Security Response Center MSRC was made aware of a vulnerability where Azure Command-Line Interface CLI could expose sensitive information, including credentials, through GitHub Actions logs. The researcher, from Palo Alto Networks Prisma Cloud, found that Azure CLI commands...
UBUNTU-CVE-2023-3399
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...
UBUNTU-CVE-2023-5825
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to...
PT-2023-26778 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.3 through 16.3.6 GitLab CE/EE versions 16.4 through 16.4.2 GitLab CE/EE versions 16.5 through 16.5.1 Description: A Regular Expression Denial of Service issue was discovered, allowing an attack by adding a large strin...
PT-2023-24618 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.6 through 16.3.5 GitLab EE versions 16.4 through 16.4.1 GitLab EE versions 16.5 through 16.5.0 Description: An issue has been discovered in GitLab EE, where it was possible for an unauthorized project or group member to...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that originates from a...
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous...
PT-2023-31754 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.12 through 16.2.8 GitLab EE versions 16.3.0 through 16.3.5 GitLab EE versions 16.4.0 through 16.4.1 Description: An issue has been discovered in Ultimate-licensed GitLab EE that could allow an attacker to impersonate use...
UBUNTU-CVE-2023-4532
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of...
UBUNTU-CVE-2023-0989
An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration...
PT-2023-29496 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 16.2 through 16.2.7 GitLab versions 16.3 through 16.3.4 GitLab versions 16.4 through 16.4.0 Description: An issue has been discovered in GitLab where users were capable of linking CI/CD jobs of private projects which they are...
PT-2023-16670 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.11 through 16.2.7 GitLab CE/EE versions 16.3 through 16.3.4 GitLab CE/EE versions 16.4 through 16.4.0 Description: An information disclosure issue in GitLab CE/EE allows an attacker to extract non-protected CI/CD...
How to Protect Your CI/CD Pipeline
Continuous integration and continuous delivery/deployment CI/CD has won over app developers, with enterprise cybersecurity teams on the hook to protect CI/CD pipelines. OWASP’s Top 10 CI/CD Security Risks clarify what to watch for...
PT-2023-27227 · Unknown · Woodpecker
Name of the Vulnerable Software and Affected Versions: Woodpecker versions prior to 1.0.2 Description: An attacker can post malformed webhook data which leads to an update of the repository data, potentially allowing the takeover of a repository. This issue is critical if the CI is configured for...
JetBrains TeamCity elevation of privilege vulnerability (CNVD-2023-62626)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A privilege vulnerability exists in JetBrains...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2023-62627)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
JetBrains TeamCity Information Disclosure Vulnerability (CNVD-2023-62633)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An information disclosure vulnerability exists in...