
'GitHub Actions' Artifacts Leak Tokens, Expose Cloud Services and Repositories


Security Week brings news about CI/CD workflows using GitHub Actions in build processes. Some workflows can generate artifacts that "may inadvertently leak tokens for third party cloud services and GitHub, exposing repositories and services to compromise, Palo Alto Networks warns." [The artifacts] ...

"Another high-profile project involved adsys, a tool included in the Ubuntu distribution used by corporations for integration with Active Directory." My aim in this article is to highlight the potential for unintentionally exposing sensitive information through artifacts in GitHub Actions workflows. Security defenders must adopt a holistic approach, meticulously scrutinizing every stage — from code to production — for potential vulnerabilities.
