all InfoSec news
RCE vulnerability in Azure Pipelines
March 30, 2023, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
attacker to gain complete control of variables and tasks by exploiting logging commands.
This would have enabled them to execute malicious code in a context of a pipeline workflow,
which would have granted them access to sensitive secrets such as cloud deployment keys,
move laterally in the organization, and potentially initiate supply chain attacks.
To exploit this vulnerability, an attacker would have needed permissions to create …
access azure azure pipelines cloud code context control exploiting legit legit security logging malicious pipeline pipelines rce secrets security vulnerability
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
GraphNinja
2 weeks, 4 days ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
3 months, 1 week ago |
www.cloudvulndb.org
Azure Pipelines Agent poisoned pipeline execution
4 months, 3 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Consultant/Senior Consultant – Categoria Protetta L. 68/99
@ BIP | Italy
SoC Security Architect, Platform Architecture
@ Apple | San Diego, California, United States
Cloud Engineer II- SOC Analyst
@ Insight Enterprises, Inc. | Gurugram Gurgaon HR, IN