top | item 46092197 (no title) codesparkle | 3 months ago That’s not what happened at allThe attacker did not need to merge any PRs to exfiltrate the credentials discuss order hn newest codesparkle|3 months ago What actually happened:The workflow was configured in a way that allowed untrusted code from a branch controlled by the attacker to be executed in the context of a GitHub action workflow that had access to secrets.
codesparkle|3 months ago What actually happened:The workflow was configured in a way that allowed untrusted code from a branch controlled by the attacker to be executed in the context of a GitHub action workflow that had access to secrets.
codesparkle|3 months ago
The workflow was configured in a way that allowed untrusted code from a branch controlled by the attacker to be executed in the context of a GitHub action workflow that had access to secrets.