5 matches found
Replacement of bash script by an attacker to one that includes malicious commands in Codecov Bash uploader version All versions downloaded from Jan 2021 through April 2021. Because the attacker had control of the script the version # included in it cannot be trusted.
In Codecov Codecov Bash uploader version All versions downloaded from Jan 2021 through April 2021. Because the attacker had control of the script the version included in it cannot be trusted. a Replacement of bash script by an attacker to one that includes malicious commands exists in the The Bas...
GSD-2021-1000009 Replacement of bash script by an attacker to one that includes malicious commands in Codecov Bash uploader version All versions downloaded from Jan 2021 through April 2021. Because the attacker had control of the script the version # included in it cannot be trusted.
In Codecov Codecov Bash uploader version All versions downloaded from Jan 2021 through April 2021. Because the attacker had control of the script the version included in it cannot be trusted. a Replacement of bash script by an attacker to one that includes malicious commands exists in the The Bas...
Rapid7 Source Code Breached in Codecov Supply-Chain Attack
Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year. "A small subset of our source code repositorie...
Backdoor Found in Codecov Bash Uploader
Developers have discovered a backdoor in the Codecov bash uploader. Its been there for four months. We dont know who put it there. Codecov said the breach allowed the attackers to export information stored in its users continuous integration CI environments. This information was then sent to a...
Codecov Discloses Supply Chain Compromise
The following blog was co-authored by Curt Barnard and Caitlin Condon. On April 15, 2021, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization, enabling the...