Separate supply chain attack tied to 23K pwned GitHub repos
Briefly

Wiz security researchers report that a compromise of the reviewdog/action-setup GitHub Action may be the root cause of the recent GitHub supply chain attack on tj-actions/changed-files, in which a stolen personal access token was used to inject malicious code into an action referenced by more than 23,000 repositories, exposing the CI/CD secrets of workflows that ran it. The token appears to have been obtained when reviewdog/action-setup was itself compromised before March 14: the malicious code injected into that action exposed critical secrets, among them credentials with write access to tj-actions/changed-files, an action with a far wider user base, which amplified the attack's impact. Both actions were consumed through mutable version tags, so any workflow that referenced them by tag during the window ran whatever commit the attacker pointed the tag at; pinning third-party actions to full commit SHAs and rotating any secret available to an affected workflow are the practical responses.
Researchers assess that the recent GitHub supply chain attack may trace back to the compromise of reviewdog/action-setup, which led to the exposure of numerous CI/CD secrets.
The stolen personal access token used against tj-actions/changed-files has been linked to malicious code found in reviewdog/action-setup, which served as the gateway to the wider tj-actions compromise.
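The defensive check a practitioner wants after reading the above is whether any workflow references a third-party action by a mutable tag rather than an immutable commit SHA, and whether either of the two actions named here appears. The script below is an added example, not code from the original page, from Wiz, or from either project; the sample workflow it scans is constructed, and the list of incident actions and the advice strings are assumptions chosen for illustration.

```python
import glob
import re
import sys

# Constructed sample workflow (not taken from any real repository) used to
# exercise the check when the script is imported or run without arguments.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.20
      - name: lint
        run: echo lint
"""

# Matches `uses:` on a step, with or without the leading list dash.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
# A full 40-hex git object id: the only ref GitHub cannot silently move.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Actions named in the write-up above (assumed list; extend as needed).
INCIDENT_ACTIONS = {"tj-actions/changed-files", "reviewdog/action-setup"}


def parse_uses(text):
    """Return (line_no, owner/repo, ref) for every third-party action reference.

    Local actions (./path) and docker:// images are skipped because they are
    not resolved through a mutable tag on GitHub.
    """
    refs = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        repo, _, ref = spec.partition("@")
        # owner/repo/subdir@ref is normalised to owner/repo for matching.
        owner_repo = "/".join(repo.split("/")[:2])
        refs.append((n, owner_repo, ref))
    return refs


def audit(text):
    """Flag every reference that is not pinned to a full commit SHA.

    A reference to one of the incident actions is rated high and carries the
    rotation advice, since a workflow that ran the moved tag may have had its
    secrets dumped into its logs.
    """
    findings = []
    for n, repo, ref in parse_uses(text):
        if FULL_SHA_RE.match(ref):
            continue  # immutable pin: retagging cannot change what runs
        finding = {
            "line": n,
            "action": repo,
            "ref": ref,
            "severity": "high" if repo in INCIDENT_ACTIONS else "medium",
            "advice": "pin to a reviewed commit SHA",
        }
        if repo in INCIDENT_ACTIONS:
            finding["advice"] += "; treat every secret this workflow could read as exposed and rotate it"
        findings.append(finding)
    return findings


def audit_files(paths):
    """Run audit() over workflow files; returns {path: findings}."""
    return {p: audit(open(p, encoding="utf-8").read()) for p in paths}


if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan the
    # given files (or the repository's workflow directory).
    if len(sys.argv) > 1:
        results = audit_files(sys.argv[1:])
    elif glob.glob(".github/workflows/*.y*ml"):
        results = audit_files(glob.glob(".github/workflows/*.y*ml"))
    else:
        results = {"<sample>": audit(SAMPLE_WORKFLOW)}
    for path, findings in results.items():
        for f in findings:
            print(f"{path}:{f['line']}: [{f['severity']}] {f['action']}@{f['ref']}: {f['advice']}")
```

The regex scan is deliberately dependency-free; a YAML parser would also catch `uses:` keys written in flow style, but the line-oriented form above covers how nearly all workflows are written and runs anywhere Python does.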
Read at Theregister