all InfoSec news
Azure Pipelines Agent poisoned pipeline execution
Dec. 20, 2023, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
repository (github.com/actions/runner-images). This repo was misconfigured to use self-hosted runners insecurely,
in a way that could have allowed a malicious external contributor (i.e., anyone who had previously had at least one PR
approved and merged in the repo) to poison the repository and achieve code execution on runners in the repo. This in turn
could have theoretically allowed an attacker to modify …
actions agent azure azure pipelines deployment external github github actions github.com images malicious managed misconfigured pipeline pipelines repo repository runners
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
AWS Amplify IAM role publicly assumable exposure
1 week, 5 days ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
2 months, 2 weeks ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
2 months, 3 weeks ago |
www.cloudvulndb.org
Azure Pipelines Agent poisoned pipeline execution
4 months, 1 week ago |
www.cloudvulndb.org
Amazon WorkSpaces Windows client credential logging
6 months, 3 weeks ago |
www.cloudvulndb.org
Power Platform Custom Code information disclosure
8 months, 3 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Senior Security Researcher, SIEM
@ Huntress | Remote Canada
Senior Application Security Engineer
@ Revinate | San Francisco Bay Area
Cyber Security Manager
@ American Express Global Business Travel | United States - New York - Virtual Location
Incident Responder Intern
@ Bentley Systems | Remote, PA, US
SC2024-003533 Senior Online Vulnerability Assessment Analyst (CTS) - THU 9 May
@ EMW, Inc. | Mons, Wallonia, Belgium