all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How We Found Another GitHub Action Environment Injection Vulnerability in a Google Project

Add to bookmarks
July 3, 2023, 6 p.m. | Noam Dotan

Security Boulevard securityboulevard.com




This blog shows another case of GitHub Actions environment injection vulnerability in a Google repository. The previous case where we found vulnerabilities in Firebase repositories can be found here with a detailed explanation of the underline mechanism that allows this type of vulnerabilities. By exploiting this vulnerability an attack could put Google’s Orbit users and maintainers at risk by injecting malicious code, conducting phishing attacks and more, depending on the project specific configuration.


The post How We Found Another GitHub …

action actions blog case environment exploiting firebase github github action github actions google injection legit project repositories repository threats vulnerabilities vulnerability

Visit resource

More from securityboulevard.com / Security Boulevard

Navigating the Future: Insights From the M&A Symposium at Kaseya Connect Global 3 hours ago | securityboulevard.com
amp connect connect global future +15
TrustCloud Product Updates: April 2024 7 hours ago | securityboulevard.com
ai capabilities april capabilities generative +8
News alert: Cybersixgill unveils ‘Third-Party Intelligence’ to deliver vendor-specific threat intel 7 hours ago | securityboulevard.com
alert april cyber cybersecurity +24
April Recap: New AWS Services and Sensitive Permissions 8 hours ago | securityboulevard.com
amazon amazon web services april aws +16
USENIX Security ’23 – Sherlock on Specs: Building LTE Conformance Tests through Automated Reasoning 8 hours ago | securityboulevard.com
access authors automated automated reasoning +19
FCC Fines Verizon, AT&T, and T-Mobile for Sharing User Location Data 8 hours ago | securityboulevard.com
amp back carriers case +33
Why Hackers May Already Have Your Private Health Care Information 8 hours ago | securityboulevard.com
care earth hackers health +10
Brits Ban Default Passwords — and More IoT Stupidity 9 hours ago | securityboulevard.com
act api security application security appsec +61
Unlocking the Prioritization Secrets of Top CISOs 9 hours ago | securityboulevard.com
changing chief chief information security officer ciso +21

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Architect - Northwest region (Remote)

@ GuidePoint Security LLC | Remote
View on infosec-jobs.com

Senior Consultant, Cyber Security Architecture

@ 6point6 | Manchester, United Kingdom
View on infosec-jobs.com

Junior Security Architect

@ IQ-EQ | Port Louis, Mauritius
View on infosec-jobs.com

Senior Detection & Response Engineer

@ Expel | Remote
View on infosec-jobs.com

Cyber Security Systems Engineer ISSE Splunk

@ SAP | Southbank (Melbourne), VIC, AU, 3006
View on infosec-jobs.com
View more jobs