Exploiting CI / CD Pipelines for fun and profit


In today’s world of fast-paced development and continuous integration, security vulnerabilities can be easy to overlook. Recently, I discovered a severe exploit chain, starting from a publicly exposed .git directory, which led to a full server takeover.

Key Findings: The pipeline configuration file revealed that SSH was being used to log into the production server as part of the automated deployment process. It serves as a reminder to developers and sysadmins to audit their code repositories, deployment pipelines and server configuration regularly to prevent such attacks.
