Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory | Open Awesome

Home
CI/CD Attacks
Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory

Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory

Visit Website GitHub

0 stars0 forks0 contributors

Overview

Leaking secrets from vulnerable GitHub Actions workflows is possible via several methods: reading files/environment variables, intercepting communication, and dumping runner memory

Quick Stats

Stars0

Forks0

Contributors0

Open Issues0

Related Projects

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub

Last commit

Created

Links & Resources

Website

Included in

CI/CD Attacks578

Living off the pipeline

Supply Chain Security Research - Living Off The Pipeline tools

Stars152

Forks14

Last commit1 month ago

From Self-Hosted GitHub Runner to Self-Hosted Backdoor

Attackers exploit misconfigured runners and weak PAT security to gain persistence, escalate privileges, and move laterally

Stars0

Forks0

Last commit

How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects

Extracting all repository and organization secrets in GitHub Actions

Stars0

Forks0

Last commit

The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

A novel GitHub Actions worm exploits the action dependency tree. Attackers compromise an action, then infect dependent actions via branch pushes or tag overwrites, spreading malware recursively

Stars0

Forks0

Last commit