all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Azure Devops Zero-Click CI/CD Vulnerability

Add to bookmarks
Jan. 31, 2024, 1:37 p.m. | Nadav Noy

Legit Security Blog www.legitsecurity.com




The Legit Security research team has found and reported a zero-click attack that allowed attackers to submit malicious code and access secrets. The vulnerability does not require any action from the project maintainer, making it a zero-click supply chain vulnerability.

access action appsec attack attackers azure click code devops found legit legit security maintainer making malicious project research scms secrets security security research supply supply chain supply chain vulnerability team threats vulnerability zero-click

Visit resource

More from www.legitsecurity.com / Legit Security Blog

Securing the Gateway: Why Protecting Build Systems Is Crucial in Modern Software Development 1 week, 4 days ago | www.legitsecurity.com
appsec best practices build development +11
New Survey Finds a Paradox of Confidence in Software Supply Chain Security 2 weeks, 1 day ago | www.legitsecurity.com
analysis appsec best practices esg +10
Verizon 2024 DBIR: Key Takeaways 2 weeks, 5 days ago | www.legitsecurity.com
appsec best practices breach data +11
Securing the Vault: ASPM's Role in Financial Software Protection 3 weeks, 4 days ago | www.legitsecurity.com
alerts appsec aspm carbon +21
Dependency Confusion Vulnerability Found in an Archived Apache Project 1 month, 1 week ago | www.legitsecurity.com
apache appsec best practices dependency +10
The Role of ASPM in Enhancing Software Supply Chain Security 1 month, 2 weeks ago | www.legitsecurity.com
appsec aspm best practices critical +14
How to Reduce the Risk of Using External AI Models in Your SDLC 1 month, 2 weeks ago | www.legitsecurity.com
address ai models appsec best practices +5
Securing the Software Supply Chain: Risk Management Tips 2 months ago | www.legitsecurity.com
appsec best practices can explainers +15
What You Need to Know About the XZ Utils Backdoor 2 months ago | www.legitsecurity.com
announcement appsec backdoor legit +3

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com