Back to directory
WRITEUP #1229

Azure Devops CICD Pipelines - Command Injection With Parameters, Variables And A Discussion On Runner Hijacking

RCECI/CDOS command injection
by@bigshika(Sana Oshika)
Program
Microsoft (Azure DevOps Pipelines)
Published
May 1, 2023
Added to HackDex
May 4, 2023
Read Full Writeuphttps://pulsesecurity.co.nz/advisories/Azure-Devops-Command-Injection
RELATED WRITEUPS
Vulnerabilities in Open Source C2 Frameworks
RCEOS command injection
SSD Advisory – SonicWall SMA100 Stored XSS To RCE
RCEOS command injection
[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
RCEDependency confusion
Attacking PowerShell CLIXML Deserialization
DeserializationInsecure deserialization
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
RCEArbitrary file write

Built with ❤️ by Shubham Rawat