Microsoft Azure DevOps Elevation of Privilege Vulnerability
Microsoft Azure DevOps is a team collaboration services platform from Microsoft Corporation USA. Microsoft Azure DevOps has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...
CVE-2025-47158
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-47158
Azure DevOps vulnerability CVE-2025-47158: Authentication bypass by assumed-immutable data can allow a network attacker to elevate privileges. Affected product: Azure DevOps Server/Services. Root cause: bypass of authentication via assumed-immutable data in Azure DevOps. Impact: privilege escalat...
CVE-2025-47158 Azure DevOps Server Elevation of Privilege Vulnerability
...
Azure DevOps Server Elevation of Privilege Vulnerability
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...
PT-2025-30065 · Microsoft · Azure Devops Server
Name of the Vulnerable Software and Affected Versions: Azure DevOps Server (affected versions not specified). Description: Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no...
Microsoft Azure DevOps Security Vulnerability
Microsoft Azure DevOps is a team collaboration services platform from Microsoft Corporation USA. Microsoft Azure DevOps has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...
KLA85943 PE vulnerability in Microsoft Developer Tools
An elevation of privilege vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to gain privileges. Original advisories: CVE-2025-47158. Related products: Microsoft-Azure. CVE list: CVE-2025-47158 (critical). Solution: Install necessary updates from the KB...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple Apache Tomcat vulnerabilities (CVE-2025-48976, CVE-2025-48988)
Summary: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple Apache Tomcat vulnerabilities (CVE-2025-48976, CVE-2025-48988). Vulnerability Details: CVEID: CVE-2025-48976. DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability i...
CVE-2025-53663
Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
PT-2025-29124 · Undefined · Undefined
Critical OpenSUSE update: Tomcat10 flaw CVE-2025-02261 enables RCE. 🔐 Patch immediately: Read more: 👉https://t.co/bqhawh5MI9 LinuxSecurity DevOps https://t.co/2WzdU68sFg...
Cleartext Storage of Sensitive Information
Overview: Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the storage of SonarQube authentication tokens in unencrypted form within config.xml files on the Jenkins controller. An attacker can obtain sensitive authentication tokens by gaining...
CVE-2025-53663
CVE-2025-53663 affects Jenkins IBM Cloud DevOps Plugin (versions 2.0.16 and earlier). The vulnerability arises from unencrypted storage of SonarQube authentication tokens in job config.xml on the Jenkins controller, enabling access by users with Item/Extended Read permission or with filesystem ac...
Jenkins plugin IBM Cloud DevOps Security Vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. Jenkins plugin A...
Elastic WAF: Reshaping Application Security for DevOps and Hybrid Environments
We recently discussed Imperva’s vision for the future of application security, where we also covered the Imperva Security Engine. This innovative application security framework is powering up the next generation of Imperva solutions, the first of which is Imperva Elastic WAF. This blog is the fir...
A Bootiful Podcast: DevOps and AI luminary Patrick Debois
Hi, Spring, cloud native, and AI fans! In this installment, I had the opportunity to briefly sit down and talk with DevOps and AI luminary Patrick Debois, from the amazing Devoxx UK 2025 show...