vulnerability Archives - Developer Tech News
https://www.developer-tech.com/news/tag/vulnerability/
Gaming, Apps, HTML5, Java, PHP, C#, .net, IOT
Thu, 22 Aug 2024 12:26:32 +0000

GitHub Enterprise Server 3.13.3 tackles critical SAML vulnerability
https://www.developer-tech.com/news/github-enterprise-server-3-13-3-tackles-critical-saml-vulnerability/
Thu, 22 Aug 2024 12:26:30 +0000

GitHub has released Enterprise Server 3.13.3, addressing several security vulnerabilities, including a critical flaw affecting instances using SAML single sign-on. Alongside security patches, the update delivers bug fixes, minor feature enhancements, and changes to the platform. The most pressing issue tackled by this update is a critical vulnerability (CVE-2024-6800) impacting instances employing SAML SSO with...

The post GitHub Enterprise Server 3.13.3 tackles critical SAML vulnerability appeared first on Developer Tech News.

Unit 42 researchers uncover critical GitHub Actions vulnerability
https://www.developer-tech.com/news/unit-42-researchers-critical-github-actions-vulnerability/
Thu, 15 Aug 2024 11:03:55 +0000

A new attack vector that could compromise GitHub repositories has been uncovered by researchers at Palo Alto Networks’ Unit 42 team. The vulnerability, which exploits GitHub Actions artifacts generated during CI/CD workflows, could potentially grant high-level access to cloud environments. The researchers found that a combination of misconfigurations and security flaws can cause artifacts to...

GitLab update addresses pipeline execution vulnerability
https://www.developer-tech.com/news/gitlab-update-addresses-pipeline-execution-vulnerability/
Thu, 11 Jul 2024 13:05:35 +0000

GitLab has released critical security updates to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to run pipeline jobs as arbitrary users. The company strongly recommends all GitLab installations be upgraded immediately to the latest versions: 17.1.2, 17.0.4, or 16.11.6 for both Community Edition (CE) and Enterprise Edition (EE). The most critical...

CocoaPods flaws highlight growing supply chain risks
https://www.developer-tech.com/news/cocoapods-flaws-highlight-growing-supply-chain-risks/
Tue, 02 Jul 2024 15:02:36 +0000

Security researchers at E.V.A Information Security have uncovered several critical vulnerabilities in CocoaPods, a popular dependency manager for Swift and Objective-C projects. These vulnerabilities potentially expose millions of Apple devices to supply chain attacks, highlighting the growing risks associated with open-source software dependencies. CocoaPods, used in over three million mobile apps, plays a crucial role...

Critical OpenSSH vulnerability threatens millions of Linux systems
https://www.developer-tech.com/news/critical-openssh-vulnerability-threatens-millions-linux-systems/
Mon, 01 Jul 2024 15:15:19 +0000

A severe vulnerability in OpenSSH’s server (sshd) has been uncovered by Qualys’ Threat Research Unit (TRU), potentially affecting over 14 million Linux systems worldwide. The flaw, designated as CVE-2024-6387, allows for remote unauthenticated code execution (RCE) with root privileges on glibc-based Linux systems. This vulnerability, stemming from a signal handler race condition, impacts sshd in...

CISA sounds alarm on critical GitLab flaw under active exploit
https://www.developer-tech.com/news/cisa-sounds-alarm-critical-gitlab-flaw-active-exploit/
Thu, 02 May 2024 13:51:18 +0000

The US Cybersecurity and Infrastructure Security Agency (CISA) has labelled a critical vulnerability affecting the popular Git-based repository manager GitLab as a Known Exploited Vulnerability (KEV). The move comes in response to active exploitation attempts detected in the wild, underscoring the urgency for organisations to promptly apply security updates. Tracked as CVE-2023-7028, the severe flaw...

GitHub’s code scanning autofix enters public beta
https://www.developer-tech.com/news/github-code-scanning-autofix-public-beta/
Wed, 20 Mar 2024 16:58:27 +0000

GitHub has announced that its code scanning autofix feature, powered by GitHub Copilot and CodeQL, is now available in public beta for all GitHub Advanced Security customers. The autofix tool aims to remediate over two-thirds of vulnerabilities found during code scanning with minimal editing required by developers. “Our vision for application security is an environment...

GitHub rotates credentials following vulnerability discovery
https://www.developer-tech.com/news/github-rotates-credentials-following-vulnerability-discovery/
Wed, 17 Jan 2024 16:58:10 +0000

GitHub has rotated encryption keys following the discovery of a vulnerability that could have enabled threat actors to steal credentials, the company revealed Tuesday. The Microsoft-owned firm said it first became aware of the high-severity security flaw tracked as CVE-2024-0200 on 26 December 2023. After investigating the issue and verifying there was no evidence it...

Huawei AppGallery vulnerability gives away paid apps for free
https://www.developer-tech.com/news/huawei-appgallery-vulnerability-gives-away-paid-apps-free/
Thu, 19 May 2022 10:52:58 +0000

A vulnerability has been discovered in Huawei’s AppGallery that enables paid apps to be downloaded for free. Huawei claims that AppGallery is now the third-largest app store in the world—serving over 600 million Huawei device users in over 170 countries/regions. Dylan Roussel, an Android developer, wanted to know how Huawei’s APIs worked. He figured out...

80% of Spring framework downloads are exploitable versions
https://www.developer-tech.com/news/80-of-spring-downloads-are-exploitable-versions/
Tue, 05 Apr 2022 11:55:01 +0000

Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions. Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE...
