The compromise originated from a GitHub Actions script injection vulnerability in a workflow that improperly handled untrusted input from pull request comments. An attacker exploited this flaw to execute arbitrary commands within the CI pipeline, gaining access to the reposito...
The compromise originated from a GitHub Actions script injection vulnerability in a workflow that improperly handled untrusted input from pull request comments. An attacker exploited this flaw to execute arbitrary commands within the CI pipeline, gaining access to the reposito...
Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/elementary-data-compromised-in-supply-chain-attack