writeups.xyz / GitHub Actions Exploitation: Repo Jacking And Environment Manipulation

Submitter : c2a

Date: 10 July 2024

Bounty : undisclosed

Vulnerabilities :

• Repojacking
• Supply Chain Attack

Programs :

• Microsoft (Azure)
• Swagger
• Google (Firebase)
• Alibaba

Authors :

• Hugo Vincent (@Hugow_vincent)

Link :
https://www.synacktiv.com/en/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation.html