| How We Found Another GitHub Action Environment Injection Vulnerability in a Google Project |
|
|
|
| Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable |
|
|
|
| Attackers Can Bypass GitHub Required Reviewers to Submit Malicious Code |
|
|
|
| Google & Apache Found Vulnerable to GitHub Environment Injection |
|
|
|
| Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks |
|
|
|
| Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline |
|
|
|
writeups.xyz
/
Noam Dotan