Contrast Security Launches Managed Application Security
Best-in-class managed Application Security Testing and Application Detection and Response, powered by the people who built it.
GitLab Fixes Security Flaw That Lets Attackers Run Pipeline Jobs
Contrast Security CISO David Lindner said this vulnerability is something administrators need to take notice of, and heed GitLab’s advice to upgrade immediately.
“This is REALLY bad, as it effectively turns off access controls for running pipelines, which is the lifeblood of moving software from development to production,” Lindner wrote in an email. “This vulnerability could allow unauthorized users to execute pipeline jobs as any other user, which in turn could enable attackers to run malicious code, access sensitive data and compromise software integrity.”
Unauthorized content alteration bug found in NSA platform
The U.S. National Security Agency's open-source SkillTree training platform on GitHub has been impacted by a medium severity cross-site request forgery vulnerability, tracked as CVE-2024-39326, which could be leveraged to facilitate unauthorized modifications of training content, SiliconAngle reports.
GitLab patches 2nd critical pipeline vulnerability in last month
The critical vulnerabilities CVE-2024-6385 and CVE-2024-5655 could put developers’ projects at risk by enabling attackers to “run malicious code, access sensitive data and compromise software integrity,” Contrast Security CISO David Lindner told SC Media.
“This is REALLY bad, as it effectively turns off access controls for running pipelines, which is the lifeblood of moving software from development to production,” Lindner sai
