What are the best practices for CI/CD tools performing privileged actions on a remote server?

When using CI/CD tools (such as Jenkins or Octopus Deploy), how do companies follow best security practices when you need to perform privileged actions on a remote server as part of your build/deployment process?
For example if I want to ru…

This Week in Security: Glibc, Ivanti, Jenkins, and Runc

There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. This one’s a real rollercoaster, because logging vulnerabilities are always scary, but at a first look, it seems nearly …

45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation

Shadowserver Foundation has seen 45,000 Jenkins instances affected by CVE-2024-23897, which may already be exploited in attacks.
The post 45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation appeared first on SecurityWeek.

Excessive Expansion Vulnerabilities Leave Jenkins Servers Open to Attacks

By Deeba Ahmed
The vulnerabilities stem from the way Jenkins handles user-supplied data.
This is a post from HackRead.com.

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)

Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins have been made public and there’s evidence of exploitation in the wild. About CVE-2024-23897 Jenkins is a widely used Java-based ope…

Best CI/CD Pipeline Tools for DevOps in 2023

CI/CD tools help automate and streamline the development and release process. Explore our list of top CI/CD tools to find out which one is best for your team.