2 matches found
Harden-Runner allows evasion of 'disable-sudo' policy
Summary Harden-Runner includes a policy option disable-sudo to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with...
Harden-Runner 安全漏洞
Harden-Runner is a program open-sourced by StepSecurity. Provides web exit filtering and runtime security for GitHub hosted and self-hosted runners. A security vulnerability exists in Harden-Runner versions prior to 0.12.0 through 2.12.0, which stems from a possible bypass of the disable-sudo...