The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

Living off the pipeline

Supply Chain Security Research - Living Off The Pipeline tools

From Self-Hosted GitHub Runner to Self-Hosted Backdoor

Attackers exploit misconfigured runners and weak PAT security to gain persistence, escalate privileges, and move laterally

How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects

Extracting all repository and organization secrets in GitHub Actions

Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory

Leaking secrets from vulnerable GitHub Actions workflows is possible via several methods: reading files/environment variables, intercepting communication, and dumping runner memory