CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL

A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time. In that second, an attacker could take a series of steps that would allow them to execute code within a GitHub Actions workflow in most repositories using CodeQL, GitHub’s code analysis engine trusted by […]

The post CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL appeared first on Praetorian.

The post CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL appeared first on Security Boulevard.

This article has been indexed from Security Boulevard

Read the original article: