
8 matches found

GitHub Security Blog
added 2025/12/23 11:52 p.m. · 8 views

Strengthening supply chain security: Preparing for the next malware campaign

The open source ecosystem continues to face organized, adaptive supply chain threats that spread through compromised credentials and malicious package lifecycle scripts. The most recent example is the multi-wave Shai-Hulud campaign. While individual incidents differ in their mechanics and speed,...

7.1 AI score
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-10004

Malware in sbrugna...

9.8 CVSS · 9.2 AI score · 0.00404 EPSS
Exploits: 0 · References: 5
The Hacker News
added 2024/01/18 12:34 p.m. · 31 views

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of...

8.9 AI score
Exploits: 0
NVD
added 2021/09/24 6:15 p.m. · 9 views

CVE-2021-22869

An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group...

9.8 CVSS · 0.00404 EPSS
Exploits: 0 · References: 2
Prion
added 2021/09/24 6:15 p.m. · 15 views

Improper access control

An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group...

7.5 CVSS · 9.5 AI score · 0.00404 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2021/09/24 5:50 p.m. · 44 views

CVE-2021-22869

CVE-2021-22869 describes an improper access control in GitHub Enterprise Server that allowed a workflow job to execute in a self-hosted runner group it should not access. A repository with access to one enterprise runner group could access all enterprise runner groups within the same organization...

9.8 CVSS · 9.7 AI score · 0.00404 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2021/09/24 5:50 p.m. · 12 views

CVE-2021-22869 Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group

An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group...

9.8 AI score · 0.00404 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2021/09/24 12:0 a.m. · 3 views

PT-2021-15242 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.0.0 through 3.0.15; GitHub Enterprise Server versions 3.1.0 through 3.1.7
Description: An improper access control issue in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner...

9.8 CVSS · 9.7 AI score · 0.00404 EPSS
Exploits: 0 · References: 5