National Cyber Warfare Foundation (NCWF)

CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL


2025-03-26 13:39:18
milo
Blue Team (CND)

A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time. In that second, an attacker could take a series of steps that would allow them to execute code within a GitHub Actions workflow in most repositories using CodeQL, GitHub’s code analysis engine trusted by […]


The post CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL appeared first on Praetorian.


The post CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL appeared first on Security Boulevard.



Harry Hayward

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/03/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/?utm_source=rss&utm_medium=rss&utm_campaign=codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql




