How We Found Another GitHub Action Environment Injection Vulnerability in a Google Project
Legit Security Blog www.legitsecurity.com
This blog shows another case of a GitHub Actions environment injection vulnerability in a Google repository. The previous case, where we found vulnerabilities in Firebase repositories, can be found here with a detailed explanation of the underlying mechanism that allows this type of vulnerability. By exploiting this vulnerability, an attacker could put Google’s Orbit users and maintainers at risk by injecting malicious code, conducting phishing attacks and more, depending on the project-specific configuration.