Lucene search
K

743 matches found

CNNVD
CNNVD
added 2023/12/15 12:0 a.m.4 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from the fact that under...

4.3CVSS7AI score0.00416EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/01 12:0 a.m.5 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab suffers from a security vulnerability that stems from the potential for...

7.5CVSS7AI score0.00557EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2023/11/14 11:35 a.m.60 views

CI/CD Risks: Protecting Your Software Development Pipelines

Have you heard about Dependabot? If not, just ask any developer around you, and they'll likely rave about how it has revolutionized the tedious task of checking and updating outdated dependencies in software projects. Dependabot not only takes care of the checks for you, but also provides...

7.4AI score
Exploits0
MSRC
MSRC
added 2023/11/14 8:0 a.m.25 views

Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI

Summary The Microsoft Security Response Center MSRC was made aware of a vulnerability where Azure Command-Line Interface CLI could expose sensitive information, including credentials, through GitHub Actions logs. The researcher, from Palo Alto Networks Prisma Cloud, found that Azure CLI commands...

7.3AI score
Exploits0
OSV
OSV
added 2023/11/06 1:15 p.m.4 views

UBUNTU-CVE-2023-3399

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...

8.5CVSS5.7AI score0.00452EPSS
Exploits0References2
OSV
OSV
added 2023/11/06 11:15 a.m.1 views

UBUNTU-CVE-2023-5825

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to...

6.5CVSS5.8AI score0.00643EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/06 12:0 a.m.4 views

PT-2023-26778 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.3 through 16.3.6 GitLab CE/EE versions 16.4 through 16.4.2 GitLab CE/EE versions 16.5 through 16.5.1 Description: A Regular Expression Denial of Service issue was discovered, allowing an attack by adding a large strin...

6.5CVSS6.8AI score0.00595EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/11/06 12:0 a.m.4 views

PT-2023-24618 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.6 through 16.3.5 GitLab EE versions 16.4 through 16.4.1 GitLab EE versions 16.5 through 16.5.0 Description: An issue has been discovered in GitLab EE, where it was possible for an unauthorized project or group member to...

8.5CVSS6.6AI score0.00452EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/11/01 12:0 a.m.4 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that originates from a...

6.5CVSS6.9AI score0.00643EPSS
Exploits0References4
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/10/18 4:30 p.m.48 views

Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous...

7.5CVSS7.4AI score0.99979EPSS
Exploits17
Positive Technologies
Positive Technologies
added 2023/10/02 12:0 a.m.3 views

PT-2023-31754 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.12 through 16.2.8 GitLab EE versions 16.3.0 through 16.3.5 GitLab EE versions 16.4.0 through 16.4.1 Description: An issue has been discovered in Ultimate-licensed GitLab EE that could allow an attacker to impersonate use...

8.2CVSS6.7AI score0.00526EPSS
Exploits0References10
OSV
OSV
added 2023/09/29 7:15 a.m.3 views

UBUNTU-CVE-2023-4532

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of...

4.3CVSS5.7AI score0.0044EPSS
Exploits0References2
OSV
OSV
added 2023/09/29 7:15 a.m.5 views

UBUNTU-CVE-2023-0989

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration...

5.7CVSS5.8AI score0.00429EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/28 12:0 a.m.3 views

PT-2023-29496 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 16.2 through 16.2.7 GitLab versions 16.3 through 16.3.4 GitLab versions 16.4 through 16.4.0 Description: An issue has been discovered in GitLab where users were capable of linking CI/CD jobs of private projects which they are...

4.3CVSS6.6AI score0.0044EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2023/09/28 12:0 a.m.3 views

PT-2023-16670 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.11 through 16.2.7 GitLab CE/EE versions 16.3 through 16.3.4 GitLab CE/EE versions 16.4 through 16.4.0 Description: An information disclosure issue in GitLab CE/EE allows an attacker to extract non-protected CI/CD...

5.7CVSS6.2AI score0.00429EPSS
Exploits0References12
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/08/29 12:0 a.m.14 views

How to Protect Your CI/CD Pipeline

Continuous integration and continuous delivery/deployment CI/CD has won over app developers, with enterprise cybersecurity teams on the hook to protect CI/CD pipelines. OWASP’s Top 10 CI/CD Security Risks clarify what to watch for...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.7 views

PT-2023-27227 · Unknown · Woodpecker

Name of the Vulnerable Software and Affected Versions: Woodpecker versions prior to 1.0.2 Description: An attacker can post malformed webhook data which leads to an update of the repository data, potentially allowing the takeover of a repository. This issue is critical if the CI is configured for...

8.1CVSS7.1AI score0.00716EPSS
Exploits0References14
CNVD
CNVD
added 2023/07/30 12:0 a.m.27 views

JetBrains TeamCity elevation of privilege vulnerability (CNVD-2023-62626)

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A privilege vulnerability exists in JetBrains...

8.8CVSS7.3AI score0.00337EPSS
Exploits0References1
CNVD
CNVD
added 2023/07/30 12:0 a.m.11 views

JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2023-62627)

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...

6.1CVSS6.3AI score0.00909EPSS
Exploits0References1
CNVD
CNVD
added 2023/07/14 12:0 a.m.8 views

JetBrains TeamCity Information Disclosure Vulnerability (CNVD-2023-62633)

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An information disclosure vulnerability exists in...

6.5CVSS6.2AI score0.0119EPSS
Exploits0References1
Rows per page
Query Builder