Y
Hacker News
new
|
ask
|
show
|
jobs
by
Perceptes
2629 days ago
But it does seem to be the case that the same SSH key pair that was used to access Jenkins also provided access to the production infrastructure. Unless I'm misunderstanding the nature of the attack.
1 comments
zigara
2629 days ago
It seems the issue was developers using SSH agent forwarding which was abused to access the production environment.
link