The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree
Prisma Cloud
SEPTEMBER 14, 2023
Get an in-depth look at the attack vectors, technical details and a real-world demo in this blog post highlighting our latest research. Is the GITHUB_TOKEN as accessible as other secrets? This token, in other words, can be accessed from any job in the workflow, even if the workflow doesn’t reference it. Reference a tag.