|
|
|
|
|
|
by dlor
1741 days ago
|
|
|
Attacks here are incredibly common. Fortunately they're usually unsophisticated and are just plain crypto mining to steal CPU cycles. Worst case is if a CI system has permissions to deploy to production, which is really common too. Another common one to watch out for is permissions to publish artifacts. It's very common for a CI system to build and test something like a container image, then for another system to promote that image to production. Even when the CI system can't touch production directly, it can still be used to pivot to more sensitive targets. Great find and write-up from the teleport team. |
|
|