2310 matches found
Octopus Deploy Code Issue Vulnerability
Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. Octopus Deploy suffers from a security vulnerability that stems from the possibility that a user with low privileges could craft a request that allows enumeration or...
Octopus Deploy Security Vulnerability
Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. Octopus Deploy suffers from a security vulnerability that stems from the ability of a user with low privileges to interact with an extension endpoint...
PT-2023-12721 · Unknown · Octopus Deploy
Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows a low privileged guest user to interact with extension endpoints. Recommendations: At the moment, there is no information about a newer version that contains a fix f...
PT-2023-12744 · Unknown · Octopus Deploy
Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows a low-privileged guest user to craft a request that enables enumeration or reconnaissance of an environment. Recommendations: At the moment, there is no information...
CVE-2020-10962
In PowerShell App Deployment Toolkit aka PSAppDeployToolkit through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access...
Malicious code in deploy-workers-cloudflare-com (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 86fc56c152b28aec95059aa473a4a560558083997bf0bb390a71e672fcd73b29 The OpenSSF Package Analysis project identified 'deploy-workers-cloudflare-com' @ 9.1.0 npm as malicious. It is considered malicious because: -...
MAL-2023-1152 Malicious code in deploy-workers-cloudflare-com (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 86fc56c152b28aec95059aa473a4a560558083997bf0bb390a71e672fcd73b29 The OpenSSF Package Analysis project identified 'deploy-workers-cloudflare-com' @ 9.1.0 npm as malicious. It is considered malicious because: -...
Improper Authentication
GitLab is vulnerable to Improper Authentication. This vulnerability exists because it does not properly enforce IP address restrictions, allowing an attacker to misuse a valid deploy token from any location...
Information Disclosure
GitLab is vulnerable to Information Disclosure. When external authorization is enabled, a group owner may be able to overcome it in order to access git repositories and package registries by utilizing deploy tokens or deploy keys...
Security Bulletin: Watson CP4D Data Stores is vulnerable to SAP NetWeaver AS Java for Deploy Service information disclosure vulnerability (CVE-2023-24527)
Summary Potential SAP NetWeaver AS Java for Deploy Service information disclosure vulnerability CVE-2023-24527 has been identified that may affect Watson CP4D Data Stores Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-24527 DESCRIPTION: SAP NetWeaver AS Java for...
Users with DEPLOY permission can grief each other through CREATE2
Lines of code Vulnerability details Bug Description In ERC725XCore.sol, the deployCreate2 function uses OpenZeppelin's Create2.deploy to deploy new contracts: ERC725XCore.solL253-L267 function deployCreate2 uint256 value, bytes memory creationCode internal virtual returns bytes memory newContract...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-28709)
Summary Apache Tomcat is used by IBM UrbanCode Deploy (UCD) for processing web requests. Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix for CVE-2023-24998 related to the failure to limit the number of request parts to be processed in the file upload function. By...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to unsafe deserialization in SnakeYaml (CVE-2022-1471)
Summary SnakeYaml, a component of task execution, could allow an attacker to execute arbitrary code on the system by introducing specially-crafted yaml content. CVE-2022-1471 Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute...
PT-2023-8702 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 16.7.6 GitLab versions 16.8 through 16.8.2 GitLab versions 16.9 through 16.9.0 Description: An issue has been discovered in GitLab that allows group members with a sub-maintainer role to change the title of privately...
Password Disclosure
cloudfoundry is vulnerable to Password Disclosure. The vulnerability exists when kernel audit logging is enabled, which logs every command run on a VM, causing authentication commands of the form cf auth --client-credentials USERNAME PASSWORD to be logged in plaintext to syslog, allowing an...
@activepieces/piece-amazon-s3 (=0.0.2), @adobe/helix-admin-support (>=2.1.22 <=2.1.23) +471 more potentially affected by unknown CVE via fast-xml-parser (=4.2.4)
fast-xml-parser NPM version =4.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on fast-xml-parser and may be impacted: - @activepieces/piece-amazon-s3 =0.0.2 - @adobe/helix-admin-support =2.1.22, =9.0.39, =2.1.1, =2.1.15, =1.11.158, =1.0.4-0, =1.2.39-...
When deploying a contract in PermissionlessNodeRegistry.deployNodeELRewardVault(), an attacker can find out in advance the address of the future deployed contract and deploy his own at this address
Lines of code Vulnerability details Impact The address of the new contract depends solely on the salt parameter, which is calculated from user-provided data. Once a user's create transaction is broadcast, the parameters for calculating salt can be viewed by anyone viewing the public mempool. This...
CVE-2023-33966
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...
Design/Logic Flaw
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...
CVE-2023-33966 Deno missing "--allow-net" permission check for built-in Node modules
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...