Compromising ByteDance’s RSPack using GitHub Actions Vulnerabilities | allinfosecnews.com

May 31, 2024, 8:23 p.m. | Thomas Tan

Blog - Praetorian www.praetorian.com

Overview Recently, we identified several critical Pwn Request vulnerabilities within GitHub Actions used by the Rspack repository. These vulnerabilities could allow an external attacker to submit a malicious pull request, without the requirement of being a prior contributor to the repository, and compromise the following secrets: NPM Deployment Token Compromise: Exploitation of the Pwn Request […]

The post Compromising ByteDance’s RSPack using GitHub Actions Vulnerabilities appeared first on Praetorian.

actions attacker bytedance bytedance rspack compromise critical deployment exploitation external github github actions malicious npm pwn request repository request secrets token vulnerabilities vulnerability research

More from www.praetorian.com / Blog - Praetorian

Attack Surface Management: A Free Enablement Technology for Effective Continuous Threat Exposure Management 18 hours ago | www.praetorian.com

attack attack surface attack surface management attack surfaces +24

Secrets Exposed: The Rise of GitHub as an Attack Vector 4 days, 21 hours ago | www.praetorian.com

4chan anonymous attack attack vector +17

CVE-2024-6387: RegreSSHion 5 days, 11 hours ago | www.praetorian.com

addition code code execution cve +16

A Milestone of Excellence: Praetorian Security Inc. Named to Inc.’s Best Workplaces 6 days, 12 hours ago | www.praetorian.com

badge best workplaces culture daily +11

Chariot Continuous Threat Exposure Management (CTEM) Updates 2 weeks, 6 days ago | www.praetorian.com

chariot continuous continuous threat exposure management ctem +15

Compromising ByteDance’s RSPack using GitHub Actions Vulnerabilities 1 month ago | www.praetorian.com

actions attacker bytedance bytedance rspack +16

Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 2 months, 1 week ago | www.praetorian.com

ant application customers cve +21

MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 4 months, 1 week ago | www.praetorian.com

article can cross-site cswsh +17

Exploiting Kubernetes through Operator Injection 4 months, 3 weeks ago | www.praetorian.com

application applications attack attackers +20

Technology Risk & Controls Manager

@ LegalAndGeneral | London, United Kingdom

View on infosec-jobs.com

Solutions Architect - Prisma Cloud

@ Palo Alto Networks | Munich, Germany

View on infosec-jobs.com

Security Operations Engineer

@ Cognite | Oslo

View on infosec-jobs.com

Ingénieur Cybersécurité PKI

@ Alter Solutions | PARIS, France

View on infosec-jobs.com

Cyber Security Project Engineer

@ Dezign Concepts LLC | Chantilly, VA

View on infosec-jobs.com

Cloud Cybersecurity Incident Response Lead

@ Maveris | Martinsburg, West Virginia, United States

View on infosec-jobs.com