1063 matches found
How to Set up an Automated SMS Analysis Service with AI in Tines
The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization's security posture is by building an automated SMS analysis service. Workflow automation platform Tines provides a good example of how to do it...
CVE-2024-41122
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
CVE-2024-41121
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...
GHSA-3WF2-2PQ4-4RVC Woodpecker's custom environment variables allow to alter execution flow of plugins
Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...
Woodpecker's custom environment variables allow to alter execution flow of plugins
Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...
CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
CVE-2024-41121 Custom workspace allow to overwrite plugin entrypoint executable in Woodpecker
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
CVE-2024-41121 Custom workspace allow to overwrite plugin entrypoint executable in Woodpecker
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
projectdiscovery/nuclei allows unsigned code template execution through workflows
Summary Find a way to execute code template without -code option and signature. Details write a code.yaml: yaml id: code info: name: example code template author: ovi3 code: - engine: - sh - bash source: | id http: - raw: - | POST /re HTTP/1.1 Host: Hostname coderesponse workflows: - matchers: -...
CVE-2024-40641 Unsigned code template execution through workflows in projectdiscovery/nuclei
Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...
CVE-2023-24531 vulnerabilities
Vulnerabilities for packages: argo-workflows, newrelic-fluent-bit-output...
End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities
At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research,...
CVE-2024-38506
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows...
CVE-2024-38506
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows...
CVE-2024-38506
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: flux-image-reflector-controller, cluster-autoscaler, falcoctl, ksops, zarf, timestamp-authority, guac, hugo, py3-azure-identity, buildkitd, grafana-mimir, argo-events, sqlpad, zot, sigstore-scaffolding, cosign, boring-registry, policy-controller, wal-g, argo-workflow...
GO-2024-2645 Nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei
Nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei...
Efficient Document Merging Strategies for Professionals
By Uzair Amir Discover time-saving document merging strategies for professionals. Learn how to streamline workflows, enhance collaboration, and protect document integrity for increased productivity and peace of mind. This is a post from HackRead.com Read the original post: Efficient Document...