Reconstructing the TJ Actions Changed Files GitHub Actions Compromise
1y agoen
Source
SnykReconstructing the TJ Actions Changed Files GitHub Actions Compromisesnyk.ioA critical security exploit in the popular GitHub Action changed-files (tj-actions/changed-files) exposed encrypted secrets in plaintext within GitHub Action logs. This vulnerability, affecting over 23,000 repositories, was enabled by orphaned commits and manipulated release tags. Learn how to protect your GitHub workflows from similar exploits.
You might also wanna read
GitHub Actions workflows identified as common weak link in open source supply chain attacks
This article analyzes a series of high-profile open source supply chain security incidents from the past 18 months, tracing them back to Git
Andrew Nesbitt·2mo ago
The case for GitHub Actions security after recent supply chain attacks
Datadog·1mo ago
‘GitLost’ vulnerability let GitHub’s AI workflows leak private repositories
siliconangle.com·22h ago

GitLost Flaw Exposes GitHub Repos via AI Workflow
Cyber Web Spider Blog·13h ago
Composer vulnerability leaks GitHub Actions GITHUB_TOKEN in logs due to format mismatch
A security vulnerability has been identified where Composer leaks the full contents of GitHub OAuth tokens (specifically GITHUB_TOKEN) to st

Guest Post: How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets ◆ Truffle Security Co.
trufflesecurity.com·1y ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.