Lucene search
K

743 matches found

CNVD
CNVD
added 2022/03/01 12:0 a.m.25 views

JetBrains TeamCity Security Bypass Vulnerability

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A security vulnerability exists in JetBrains TeamCity, which stems from the product's failure to validate user identities. An unauthenticated attacker could use the vulnerability to...

5.3CVSS2AI score0.00712EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.50 views

JetBrains TeamCity OS Command Injection Vulnerability Vulnerability

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. JetBrains TeamCity is vulnerable to an operating system command injection vulnerability that stems from a lack of filtering and escaping of system commands in the Agent Push feature...

9.8CVSS2AI score0.02158EPSS
Exploits0References1
Gitee
Gitee
added 2022/02/16 10:11 a.m.4 views

vulhub

This is a pre-built vulnerable environment based on Docker-Compose, maintained by the Vulhub project. The repository contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and more, which can be used for testing and training purposes. The environment is...

8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/02/09 3:25 p.m.23 views

What is Shift-Left Testing and What are the Benefits?

Back in the infancy of software creation, certainly up until the mid-90s when we still used more traditional software development practices, most testing was conducted at the end of the production cycle on a graph, this would be to the right on the development timeline. Shift-left takes this...

0.3AI score
Exploits0
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.5 views

GitLab Enterprise Edition 和 Gitlab Community Edition 信任管理问题漏洞

GitLab Enterprise Edition is a content management system, and GitLab Community Edition is a community edition of GitLab from GitLab, Inc. GitLab Enterprise Edition and Gitlab Community Edition are vulnerable to a trust management issue that arises from incorrect certificate validation of external...

6.8CVSS6.6AI score0.00421EPSS
Exploits0References5
Kitploit
Kitploit
added 2022/01/04 11:30 a.m.47 views

SyntheticSun - A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats. You sleep in fragmented glass With reflections o...

6.8AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2021/12/13 3:47 p.m.3 views

CVE-2021-39935

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...

6.8CVSS5.2AI score0.35649EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.6 views

GitLab代码问题漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A code issue vulnerability exists in GitLab CE/EE that stems from an...

7.5CVSS7.9AI score0.35649EPSS
Exploits0References7
The Coalfire Blog
The Coalfire Blog
added 2021/12/04 1:47 a.m.31 views

Preparing for DevSecOps transformation

The latest report from Coalfires prestigious Cloud Advisory Board CAB, consisting of some of the worlds most experienced C-level cyber leaders and cloud security thought leaders from Coalfire, provides some of the most significant insight and timely advice for cybersecurity leaders in 2022 and...

2.1AI score
Exploits0
CNVD
CNVD
added 2021/12/03 12:0 a.m.22 views

JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09215)

JetBrains TeamCity is a distributed build management and continuous integration tool from Czech company JetBrains Jetbrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in JetBrains TeamCity, which stems from...

5.3CVSS2.1AI score0.00685EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/03 12:0 a.m.21 views

JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09216)

JetBrains TeamCity is a distributed build management and continuous integration tool from Czech company JetBrains Jetbrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.JetBrains TeamCity has a security vulnerability that stems from a missi...

5.3CVSS0.8AI score0.00685EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/11/13 12:0 a.m.4 views

PT-2021-23891 · Npm +5 · Npm +5

Name of the Vulnerable Software and Affected Versions: npm versions 7.x through 8.1.3 Description: The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json, which is inconsistent with the documentation. This behavior makes it...

9.8CVSS8.2AI score0.02534EPSS
Exploits1References46
CNVD
CNVD
added 2021/11/10 12:0 a.m.18 views

JetBrains TeamCity has an unspecified vulnerability

TeamCity, a Java-based build management and continuous integration server from JetBrains, has a security vulnerability in the "agent push" feature in versions prior to JetBrains TeamCity 2021.1.2. No details of the vulnerability are currently available...

9.8CVSS3.4AI score0.01052EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/11/09 6:42 p.m.4 views

buildah: Host environment variables leaked in build container when using chroot isolation

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN commands can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment,...

5.5CVSS7AI score0.00327EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/09 5:37 p.m.5 views

buildah: Host environment variables leaked in build container when using chroot isolation

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN commands can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment,...

5.5CVSS7AI score0.00327EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.5 views

Jetbrains JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a distributed build management and continuous integration tool from Czech company JetBrains Jetbrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in JetBrains TeamCity, which stems from...

5.3CVSS5.6AI score0.00685EPSS
Exploits0References3
CNVD
CNVD
added 2021/09/23 12:0 a.m.22 views

JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09220)

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Jetbrains, a Czech company. The tool provides continuous unit testing, code quality analysis and build issue analysis reports.A security vulnerability exists in versions of JetBrains TeamCity prior...

5.3CVSS2AI score0.00708EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/23 12:0 a.m.27 views

JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09219)

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Jetbrains, a Czech company. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in versions of JetBrains TeamCity...

7.5CVSS1.9AI score0.00622EPSS
Exploits0References1
Gitee
Gitee
added 2021/09/16 1:42 p.m.5 views

vulhub

This repository is an offensive tool for building vulnerable environments based on Docker-Compose. It contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and Jenkins, among others. The repository is maintained by phith0n and is licensed under the MIT...

7.9AI score
Exploits0
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.5 views

Travis CI 安全漏洞

Travis Ci is a German Travis Ci open source an online , distributed continuous integration service . It is used to build and test code hosted on GitHub. Travis CI suffers from a security vulnerability that could lead to the accidental sharing of secret data...

7.5CVSS7.7AI score0.01485EPSS
Exploits0References7
Rows per page
Query Builder