Mastodawn

GitHub CodeQL Actions Critical Supply Chain Vulnerability (CodeQLEAKED)

https://www.praetorian.com/blog/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/

#HackerNews #GitHub #CodeQL #CodeQLEAKED #SupplyChain #Vulnerability #CyberSecurity

CodeQLEAKED - Public Secrets Exposure Leads toSupply Chain Attack on GitHub CodeQL

An exposed GitHub token could have been used to launch a supply chain attack on GitHub CodeQL, resulting in source code exposure and repository tampering of CodeQL users.

Praetorian