ISC StormCast for Monday, December 5th, 2022
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
00:00
GitHub Actions - A New Thing in GitHub
Security company legit security wrote up a blog post outlining an interesting issue that may lead to vulnerabilities in projects using GitHub actions. These are scripts that are executed whenever a user submits a pull request. An attacker could essentially use this vulnerability to take over a particular repository. This is not a vulnerability in GitHub. It's really just a feature that may not be well understood often.
Transcript
Play full episode
