Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack | allinfosecnews.com

March 30, 2023, 6:53 p.m. | Nadav Noy

Security Boulevard securityboulevard.com

The Legit Security research team has found a vulnerability in Azure Pipelines (CVE-2023-21553) that allows an attacker to execute malicious code in a context of a pipeline workflow, which allows attackers to gain sensitive secrets, move laterally in the organization, and initiate supply chain attacks.

The post Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack appeared first on Security Boulevard.

attack attackers attacks azure azure pipelines code code execution context cve legit legit security malicious organization pipeline pipelines remote code remote code execution research secrets security security boulevard security research software software supply chain software supply chain attack supply supply chain supply chain attack supply chain attacks team vulnerability

More from securityboulevard.com / Security Boulevard

How to do Penetration Testing effectively 13 hours ago | securityboulevard.com

art blog blog post can +17

Hackers Use Fake DocuSign Templates to Scam Organizations 13 hours ago | securityboulevard.com

abnormal abnormal security attacks credentials +34

Risks of GenAI Rising as Employees Remain Divided About its Use in the Workplace 15 hours ago | securityboulevard.com

ai and machine learning in security ai and ml in security ai ethics artificial intelligence +33

Questions You Need to Ask When Evaluating a Security Automation Vendor 16 hours ago | securityboulevard.com

ask automation governance questions +8

VFCFinder Highlights Security Patches in Open Source Software 16 hours ago | securityboulevard.com

analytics & intelligence application security commit cybersecurity +21

Palo Alto Networks and IBM Align Cybersecurity Strategies 18 hours ago | securityboulevard.com

align alto as-a-service center +31

Counting the Cost of PCI DSS Non-Compliance 18 hours ago | securityboulevard.com

american american express big card +21

Activating end-to-end secrets security with CyberArk and GitGuardian 19 hours ago | securityboulevard.com

cyberark end end-to-end gitguardian +7

The new Sonatype Learn: Self-service educational materials where and when you need them 19 hours ago | securityboulevard.com

courses devops educational industry +16

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Information System Security Engineer 2

@ Wyetech | Annapolis Junction, Maryland

View on infosec-jobs.com

Staff Vulnerability/Configuration Management Security Engineer

@ ServiceNow | Hyderabad, India

View on infosec-jobs.com

Security Engineer

@ AXS | London, England, UK

View on infosec-jobs.com