Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI | allinfosecnews.com

Nov. 14, 2023, 8 a.m. |

Microsoft Security Response Center msrc-blog.microsoft.com

Summary Summary The Microsoft Security Response Center (MSRC) was made aware of a vulnerability where Azure Command-Line Interface (CLI) could expose sensitive information, including credentials, through GitHub Actions logs. The researcher, from Palo Alto’s Prisma Cloud, found that Azure CLI commands could be used to show sensitive data and output to Continuous Integration and Continuous Deployment (CI/CD) logs.

actions alto aware azure center cli cloud command credentials data expose found github github actions guidance information interface leaked logs microsoft microsoft security msrc palo palo alto prisma prisma cloud researcher response security sensitive sensitive data sensitive information vulnerability

More from msrc-blog.microsoft.com / Microsoft Security Response Center

Congratulations to the Top MSRC 2024 Q1 Security Researchers! 2 weeks, 2 days ago | msrc-blog.microsoft.com

check chen customers hard +13

Toward greater transparency: Adopting the CWE standard for Microsoft CVEs 3 weeks, 4 days ago | msrc-blog.microsoft.com

center communities current customers +20

Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team 1 month ago | msrc-blog.microsoft.com

analysts banking collect curiosity +20

Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard 1 month, 3 weeks ago | msrc-blog.microsoft.com

actions actor attack blizzard +24

Faye’s Journey: From Security PM to Diversity Advocate at Microsoft 2 months ago | msrc-blog.microsoft.com

career deployment desktop desktops +9

Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and … 2 months ago | msrc-blog.microsoft.com

award awards bounty bug +16

From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin 2 months, 1 week ago | msrc-blog.microsoft.com

adventures cybersecurity dream found +7

An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career … 2 months, 1 week ago | msrc-blog.microsoft.com

bruce career college dream +13

New Security Advisory Tab Added to the Microsoft Security Update Guide 2 months, 2 weeks ago | msrc-blog.microsoft.com

advisory customers feedback guide +16

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States

View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States

View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States

View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden

View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden

View on infosec-jobs.com