Gh Actions - Artifact Poisoning

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Artifact Poisoning

Kuna Github Actions kadhaa ambazo zinaruhusu kupakua artifacts kutoka kwa hazina nyingine. Hazina hizi nyingine kwa kawaida zitakuwa na Github Action ya kupakia artifact ambayo baadaye itapakuliwa.

Ikiwa mshambuliaji anaweza kwa namna fulani kuathiri Github Action, ataweza kuathiri artifact iliyopakuliwa ambayo inaweza kumruhusu kuathiri workflows nyingine zinazotumia hiyo.

Mfano wa artifact kupakuliwa kutoka hazina tofauti:

Kwa maelezo zaidi na chaguzi za ulinzi (kama vile kuweka artifact kuwa ngumu kupakua) angalia https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAbusing Github Actions NextGH Actions - Cache Poisoning

Last updated 1 month ago