Safeguard
Topic

DevSecOps

In-depth guides and analysis on devsecops from the Safeguard engineering team.

378 articles

DevSecOps

The tj-actions/changed-files GitHub Action Supply Chain C...

CVE-2025-30066 exposed how a compromised tj-actions/changed-files GitHub Action leaked CI/CD secrets into build logs across 23,000+ repos. Timeline, impact, and fixes.

Dec 1, 20258 min read
DevSecOps

Jenkins Stapler Unauthenticated RCE Mass-Exploited for Cr...

CVE-2018-1000861 let attackers hit Jenkins Stapler unauthenticated, planting cryptomining malware on exposed CI/CD build servers across the internet.

Nov 26, 20257 min read
DevSecOps

Jenkins CLI Java Deserialization Remote Code Execution (C...

CVE-2017-1000353 let attackers gain unauthenticated RCE on Jenkins via CLI Java deserialization. Here's the impact, timeline, and how to remediate it.

Nov 26, 20258 min read
DevSecOps

Jenkins Remote Code Execution via Groovy Metaclass (CVE-2...

CVE-2016-0792 let attackers bypass Jenkins' deserialization blacklist using Groovy's metaclass to achieve unauthenticated remote code execution via the CLI.

Nov 26, 20259 min read
DevSecOps

Jenkins CLI Deserialization RCE via Commons-Collections G...

CVE-2015-8103: unauthenticated RCE in Jenkins CLI via a Commons-Collections deserialization gadget chain. Impact, timeline, and remediation.

Nov 26, 20259 min read
DevSecOps

Jenkins Script Security Sandbox Bypass Leading to RCE (CV...

CVE-2019-1003029 let attackers escape the Jenkins Script Security sandbox and execute arbitrary code via crafted Groovy pipeline scripts.

Nov 25, 20258 min read
DevSecOps

Jenkins Arbitrary File Read via Crafted CLI Command (CVE-...

CVE-2018-1999002 let attackers read arbitrary files from Jenkins masters via crafted requests to the Stapler framework, exposing secrets and credentials.

Nov 25, 20258 min read
DevSecOps

TeamCity Authentication Bypass Exploited by Nation-State ...

A critical TeamCity authentication bypass, CVE-2023-42793, let APT29 and North Korean hackers seize build servers for supply chain attacks.

Nov 25, 20257 min read
DevSecOps

TeamCity Authentication Bypass Enabling Admin Account Cre...

CVE-2024-27198 lets unauthenticated attackers bypass TeamCity login and create admin accounts, with active exploitation and ransomware activity observed.

Nov 25, 20257 min read
DevSecOps

GitLab Unauthenticated RCE via ExifTool Image Processing ...

CVE-2021-22205 let attackers gain unauthenticated RCE on self-hosted GitLab via ExifTool image parsing. Here's the affected versions, severity, timeline, and fixes.

Nov 24, 20257 min read
DevSecOps

Argo CD Path Traversal via Malicious Helm Chart values.ya...

CVE-2022-24348 let attackers use a malicious Helm chart to path-traverse Argo CD's repo-server, exposing secrets across GitOps applications. Here's the fix.

Nov 24, 20257 min read
DevSecOps

Best DevSecOps platforms for shift-left security

A fair, no-hype comparison of DevSecOps platforms — GitLab, GitHub, Snyk, Wiz, JFrog, and Checkmarx — plus what to evaluate for real shift-left security.

Nov 7, 20258 min read
DevSecOps (Page 17) — Supply Chain Security Blog | Safeguard