Two vulnerabilities, assigned CVE-2019-9629 and CVE-2019-9630, were uncovered in Sonatype’s Nexus Repository Manager (NXRM) — an open-source governance platform used by DevOps professionals.
Kubernetes announced the discovery of CVE-2019-11246, a high-severity vulnerability affecting the command-line interface kubectl, during an ongoing third-party security audit.
Roughly 19% of the top 1,000 most popular containers on the Docker Hub portal are misconfigured, leaving them vulnerable to attacks given specific conditions.
The rise in adoption of containers means a greater need for security awareness. Our infographic details the various threats that container users could encounter at each stage of the development pipeline.
Threat actors were found exploiting CVE-2018-1000861, a vulnerability in the Stapler web framework that is used by the Apache Jenkins open-source software development automation server with versions 2.153 and earlier.
In an email sent to their customers on April 26, Docker reported that the online repository of their popular container platform suffered a data breach that affected 190,000 users.
A year after a potentially critical vulnerability (CVE-2018-1002100) was found and patched in the popular open-source container orchestration system and DevOps tool Kubernetes, researchers discovered that the vulnerability can still be exploited.
Cybercriminals are targeting cloud infrastructure via compromised container management platforms, malicious Docker images, API key theft, and control panel exploitation.
Popular open-source DevOps automation software StackStorm was reported to have a critical vulnerability that could allow remote attackers to perform arbitrary commands on targeted servers.