From: Adnan Khan's Blog (Uncensored)
Release-Drafter To google/accompanist Compromise: VRP Writeup
https://adnanthekhan.com/2024/11/11/release-drafter-to-google-accompanist-compromise-vrp-writeup/
Tagged with: github, cicd, bugbounty, githubactions
In this post, I cover how I discovered a CI/CD misconfiguration in the Release Drafter GitHub action and demonstrated how it could have directly impacted a Google-owned open-source repository (and many more!) that used it by tag instead of SHA.