743 matches found
JetBrains TeamCity Security Bypass Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A security vulnerability exists in JetBrains TeamCity, which stems from the product's failure to validate user identities. An unauthenticated attacker could use the vulnerability to...
JetBrains TeamCity OS Command Injection Vulnerability Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. JetBrains TeamCity is vulnerable to an operating system command injection vulnerability that stems from a lack of filtering and escaping of system commands in the Agent Push feature...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, maintained by the Vulhub project. The repository contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and more, which can be used for testing and training purposes. The environment is...
What is Shift-Left Testing and What are the Benefits?
Back in the infancy of software creation, certainly up until the mid-90s when we still used more traditional software development practices, most testing was conducted at the end of the production cycle on a graph, this would be to the right on the development timeline. Shift-left takes this...
GitLab Enterprise Edition 和 Gitlab Community Edition 信任管理问题漏洞
GitLab Enterprise Edition is a content management system, and GitLab Community Edition is a community edition of GitLab from GitLab, Inc. GitLab Enterprise Edition and Gitlab Community Edition are vulnerable to a trust management issue that arises from incorrect certificate validation of external...
SyntheticSun - A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats. You sleep in fragmented glass With reflections o...
CVE-2021-39935
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...
GitLab代码问题漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A code issue vulnerability exists in GitLab CE/EE that stems from an...
Preparing for DevSecOps transformation
The latest report from Coalfires prestigious Cloud Advisory Board CAB, consisting of some of the worlds most experienced C-level cyber leaders and cloud security thought leaders from Coalfire, provides some of the most significant insight and timely advice for cybersecurity leaders in 2022 and...
JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09215)
JetBrains TeamCity is a distributed build management and continuous integration tool from Czech company JetBrains Jetbrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in JetBrains TeamCity, which stems from...
JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09216)
JetBrains TeamCity is a distributed build management and continuous integration tool from Czech company JetBrains Jetbrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.JetBrains TeamCity has a security vulnerability that stems from a missi...
PT-2021-23891 · Npm +5 · Npm +5
Name of the Vulnerable Software and Affected Versions: npm versions 7.x through 8.1.3 Description: The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json, which is inconsistent with the documentation. This behavior makes it...
JetBrains TeamCity has an unspecified vulnerability
TeamCity, a Java-based build management and continuous integration server from JetBrains, has a security vulnerability in the "agent push" feature in versions prior to JetBrains TeamCity 2021.1.2. No details of the vulnerability are currently available...
buildah: Host environment variables leaked in build container when using chroot isolation
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN commands can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment,...
buildah: Host environment variables leaked in build container when using chroot isolation
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN commands can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment,...
Jetbrains JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a distributed build management and continuous integration tool from Czech company JetBrains Jetbrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in JetBrains TeamCity, which stems from...
JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09220)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Jetbrains, a Czech company. The tool provides continuous unit testing, code quality analysis and build issue analysis reports.A security vulnerability exists in versions of JetBrains TeamCity prior...
JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09219)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Jetbrains, a Czech company. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in versions of JetBrains TeamCity...
vulhub
This repository is an offensive tool for building vulnerable environments based on Docker-Compose. It contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and Jenkins, among others. The repository is maintained by phith0n and is licensed under the MIT...
Travis CI 安全漏洞
Travis Ci is a German Travis Ci open source an online , distributed continuous integration service . It is used to build and test code hosted on GitHub. Travis CI suffers from a security vulnerability that could lead to the accidental sharing of secret data...