Y
Hacker News
new
|
ask
|
show
|
jobs
by
deepwell
2623 days ago
it was not, read again
1 comments
Perceptes
2623 days ago
But it does seem to be the case that the same SSH key pair that was used to access Jenkins also provided access to the production infrastructure. Unless I'm misunderstanding the nature of the attack.
link
zigara
2623 days ago
It seems the issue was developers using SSH agent forwarding which was abused to access the production environment.
link