GHSA-F9QJ-7GH3-MHJ4 run-terraform allows for RCE via terraform plan

Impact What kind of vulnerability is it? Who is impacted? All users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the contex...

Do more with less—Discover the latest Microsoft Entra innovations

It has certainly been another intense year. From the ongoing pandemic to the Great Reshuffle to economic uncertainty, it’s truly felt like the only constant is change.1 In this economy, many organizations are looking for efficiencies. This is putting pressure on security teams, along with everyon...

Do more with less—Discover the latest Microsoft Entra innovations

It has certainly been another intense year. From the ongoing pandemic to the Great Reshuffle to economic uncertainty, it’s truly felt like the only constant is change.1 In this economy, many organizations are looking for efficiencies. This is putting pressure on security teams, along with everyon...

PT-2022-24901 · Github · Kartverket/Github-Workflows

Name of the Vulnerable Software and Affected Versions: kartverket/github-workflows versions prior to 2.7.5 Description: The issue is a code injection vulnerability that affects all users of the run-terraform reusable workflow from the kartverket/github-workflows repo. A malicious actor could...

Apache Airflow code issue vulnerability

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. Apache Airflow 2.4.1 and earlier versions have a code issue vulnerability that stems from the failure of deactivated users to prevent authenticated users from continuing to use t...

Apache Airflow Open Redirect Vulnerability

Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache Foundation. Apache Airflow versions 2.3.0 to 2.3.4 have an open redirection vulnerability, which originates from the /confirm port of the web server does not do a reasonable job on the target...

Microsoft SharePoint Workflow Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of custom workflows. The issue results from the lack of proper validation ...

nuclei-templates

This is a GitHub repository for a community-curated list of templates for the Nuclei engine to find security vulnerabilities in applications. The repository contains various templates for the scanner provided by the team and contributed by the community. The templates are stored in the...

The vulnerability of the import function in GitHub’s software platform, based on Git, for collaborative code development on GitLab, allows a perpetrator to execute arbitrary code.

The vulnerability of the import function in GitHub’s software platform for GitLab-based collaborative code development is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

Qualys VMDR Recognized as Best VM Solution by SC Awards 2022 & Leader by GigaOm

Qualys VMDR has been recognized for its commanding industry leadership by both the 2022 SC Awards and analyst firm GigaOm. SC Magazine has chosen Qualys VMDR as the winner of the Best Vulnerability Management Solution category in its SC Awards 2022. The SC Awards honors the best solutions in...

Pushing Open-Source Security Forward: Insights From Black Hat 2022

Open-source security has been a hot topic in recent years, and it's proven to be something of a double-edged sword. On the one hand, there's an understanding of the potential that open-source tools hold for democratizing security, making industry best practices accessible to more organizations an...

Apache Airflow Remote Code Execution Vulnerability (CNVD-2022-59057)

Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored, etc. A remote code execution vulnerability exists in versions of Apache Airflow prior to 3.0.0. The vulnerability stems from th...

How Microsoft Purview and Priva support the partner ecosystem

Today, many enterprise organizations are multicloud and multiplatform. Critical enterprise data is located across clouds and platforms, requiring security and compliance no matter where it lives. To solve the complexity that comes with these environments, organizations have invested in multiple...

Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker...

GHSA-CMV8-6362-R5W9 Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker...

Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

Privilege Escalation

github.com/argoproj/argo-workflows is vulnerable to privilege escalation. An attacker can create a workflow through the newHTTPServer function of argoserver.go that produces an HTML artifact and makes XRL calls to the Argo Server API by using a script, allowing the attacker to send malicious emai...

CVE-2022-29164

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

Hardcoded credentials

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

Argo Workflows 安全漏洞

Argo Workflows is an open source container-native workflow engine for Kubernetes from the Cloud Native Computing Foundation. A security vulnerability exists in Argo Workflows. An attacker can trick a victim into creating or deleting workflows through deception...