Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack
Posted: Mon Jan 08, 2024 11:41 pm
Tens of thousands of public GitHub repositories are vulnerable to malicious code injection via self-hosted GitHub Actions runners, which could lead to high-impact supply chain attacks, security researchers warn.
This new class of CI/CD attacks can be launched if a repository has self-hosted runners attached. These are “build agents hosted by end users running the Actions runner agent on their own infrastructure,” Praetorian security researcher Adnan Khan explains.
A self-hosted runner attached to a repository can be used by any workflow running in that repository’s context, and this also applies to workflows from fork pull requests, which could run malicious code, thus representing a major security risk.
[...]
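As an added example, not code from the article or from Praetorian's research: a stdlib-only Python audit that flags the combination the article describes, a job that runs on a self-hosted runner inside a workflow that pull_request events can trigger. The workflow texts are constructed samples, and the parser is a line-based heuristic rather than a full YAML parser.

```python
"""Audit GitHub Actions workflows for the article's risky combination: a job on a
self-hosted runner in a workflow that pull_request events can trigger (stdlib only)."""
from typing import List

# Events that a pull request, including one from a fork, can use to start a run.
FORK_TRIGGERS = {"pull_request", "pull_request_target"}

def find_risky_jobs(workflow_text: str) -> List[str]:
    """Return job ids whose runs-on mentions 'self-hosted' in a PR-triggerable workflow.
    Line-based heuristic: runs-on as a multi-line list, ${{ }} expression or runner group is not resolved."""
    triggers, runners = set(), {}          # runners: job id -> runs-on value
    section = trigger_indent = job_indent = current_job = None
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                       # skip blanks and comments
        indent = len(line) - len(line.lstrip())
        stripped = line.strip()
        if indent == 0:                    # top-level key: name, on, jobs, ...
            section, _, value = stripped.partition(":")
            if section == "on" and value.strip():   # on: push  /  on: [push, pull_request]
                triggers |= {t.strip(" []\"'") for t in value.split(",")}
            trigger_indent = job_indent = current_job = None
        elif section == "on":              # on: as nested mapping or list of events
            trigger_indent = trigger_indent or indent
            if indent == trigger_indent:   # event keys only, not branches:/types: beneath them
                triggers.add(stripped.lstrip("- ").rstrip(":").strip())
        elif section == "jobs":
            job_indent = job_indent or indent
            if indent == job_indent:       # a job id
                current_job = stripped.rstrip(":").strip()
            elif current_job and stripped.startswith("runs-on:"):
                runners[current_job] = stripped.partition(":")[2].strip()
    if not triggers & FORK_TRIGGERS:
        return []                          # no pull_request trigger: a fork PR cannot start this workflow
    return [job for job, label in runners.items() if "self-hosted" in label]

# Constructed sample workflows (not taken from any real repository).
RISKY_WORKFLOW = """\
name: CI
on:
  pull_request:
    branches: [main]
jobs:
  build:
    runs-on: [self-hosted, linux]
  lint:
    runs-on: ubuntu-latest
"""
SAFE_WORKFLOW = "name: Release\non: push\njobs:\n  publish:\n    runs-on: self-hosted\n"
```

Flagged jobs are the ones to review against GitHub's own guidance, which recommends using self-hosted runners only with private repositories.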