writeups.xyz / Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack

Submitter : c2a

Date: 30 March 2023

Bounty : undisclosed

Vulnerabilities :

• RCE
• CI/CD
• Supply Chain Attack

Programs :

• Microsoft (Azure DevOps Pipelines)

Authors :

• Nadav Noy

Link :
https://www.legitsecurity.com/blog/remote-code-execution-vulnerability-in-azure-pipelines-can-lead-to-software-supply-chain-attack