Collaborate Disseminate
When using CI/CD tools (such as jenkins or octopus deploy) how do companies follow best security practices when you need to perform privileged actions on a remote server as part of your build/deployment process?
For example if I want to ru… Continue reading What are the best practices for CI/CD tools performing privileged actions on a remote server?
OK, that headline is a bit of a cheap shot. But if you run the curl binary that Apple ships, you’re in for a surprise if you happen to use …read more Continue reading This Week in Security: Apple Backdoors Curl, Tor’s New Bridge, and GhostRace
There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. This one’s a real rollercoaster, because logging vulnerabilities are always scary, but at a first look, it seems nearly …read more Continue reading This Week in Security: Glibc, Ivanti, Jenkins, and Runc
Shadowserver Foundation has seen 45,000 Jenkins instances affected by CVE-2024-23897, which may already be exploited in attacks.
The post 45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation appeared first on SecurityWeek.
Continue reading 45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation
By Deeba Ahmed
The vulnerabilities stem from the way Jenkins handles user-supplied data.
This is a post from HackRead.com Read the original post: Excessive Expansion Vulnerabilities Leave Jenkins Servers Open to Attacks
Continue reading Excessive Expansion Vulnerabilities Leave Jenkins Servers Open to Attacks
PoC exploit code targeting a critical Jenkins vulnerability patched last week is already publicly available.
The post PoC Exploit Published for Critical Jenkins Vulnerability appeared first on SecurityWeek.
Continue reading PoC Exploit Published for Critical Jenkins Vulnerability
Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins have been made public and there’s evidence of exploitation in the wild. About CVE-2024-23897 Jenkins is a widely used Java-based ope… Continue reading Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)
CI/CD tools help automate and streamline the development and release process. Explore our list of top CI/CD tools to find out which one is best for your team. Continue reading Best CI/CD Pipeline Tools for DevOps in 2023
Jenkins has announced patches for high and medium-severity vulnerabilities impacting several of the open source automation tool’s plugins.
The post Jenkins Patches High-Severity Vulnerabilities in Multiple Plugins appeared first on SecurityWeek.
Continue reading Jenkins Patches High-Severity Vulnerabilities in Multiple Plugins
Is there any legitimate reason why Jenkins would ever need to request the memory of c:\windows\system32\lsass.exe (Local Security Authority Subsystem Service)?
The endpoint protection (Carbon Black) on the Jenkins server is denying Jenkins… Continue reading Why would Jenkins want to read the memory of lsass.exe?