Category: bug-bounty
-
The Monsters in Your Build Cache – GitHub Actions Cache Poisoning
GitHub Actions caching has some insecure design decisions that allow for some unique attacks. It’s considered working as intended, but there are many ways it can go wrong. Learn how I identified Actions cache poisoning vulnerabilities in a handful of open-source projects.
-
An Obscure Actions Workflow Vulnerability in Google’s Flank
Learn how I used a custom tool to find a Google-owned repository vulnerable to a GitHub Actions Poisoned Pipeline Execution attack and earned a $7,500 bug bounty!
-
Web3’s Achilles’ Heel: A Supply Chain Attack on Astar Network
Web3 has a weakness, and that is CI/CD security. Learn how I responsibly disclosed a Critical vulnerability in Astar Network’s GitHub repository that would have allowed attackers to conduct a serious attack on the network, and how their security team handled it.
-
One Supply Chain Attack to Rule Them All – Poisoning GitHub’s Runner Images
I successfully exploited a critical misconfiguration vulnerability in GitHub’s actions/runner images repository. I gained control over build agents used by the repository, accessed secrets, and showed how an attacker could insert malicious code into the runner base images and carry out an attack which could have affected all GitHub customers…