by
ponytech
644 days ago
edit: Credentials for modifying the pipeline were found in the .git/config file
2 comments
zettabomb
644 days ago
With Bitbucket, as well as GitLab and likely others that I haven't used, the CI pipelines are stored as a plaintext configuration in the repo itself. So, repo commit access automatically gives you the ability to modify the pipeline.
link
lost_womble
644 days ago
This is why things like codeowners files are so important
link
matharmin
644 days ago
It's right at the start of the post - the git remote including credentials was exposed via the .git directory
link
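A check for the exposure discussed in this thread, as an added example that is not part of any comment above: it parses the text of a `.git/config` file and reports remote URLs that carry embedded credentials, with the userinfo masked in the output. The function name `find_remote_credentials` is hypothetical and the sample config (host, user, token) is constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample .git/config; host, user and token are made up.
SAMPLE_CONFIG = '''\
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://ci-bot:EXAMPLE-TOKEN-123@git.example.com/team/app.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = git@git.example.com:team/app.git
[remote "upstream"]
    url = https://git.example.com/team/app.git
    pushurl = https://deploy@git.example.com/team/app.git
'''

SECTION = re.compile(r'^\s*\[\s*([\w.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]')
KEYVAL = re.compile(r'^\s*([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$')


def find_remote_credentials(config_text):
    """Return findings for remote url/pushurl values that embed userinfo."""
    findings, section, name = [], None, None
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if m := SECTION.match(line):
            section, name = m.group(1).lower(), m.group(2)
            continue
        m = KEYVAL.match(line)
        if not m or section != "remote":
            continue
        key = m.group(1).lower()
        if key not in ("url", "pushurl"):
            continue
        parts = urlsplit(m.group(2))
        # scp-style "git@host:path" parses with no scheme (SSH key auth): skip.
        if parts.scheme not in ("http", "https") or parts.username is None:
            continue
        host = parts.netloc.rpartition("@")[2]  # keeps any port, drops userinfo
        findings.append({
            "line": lineno, "remote": name, "key": key,
            # A username with no password still needs review: some hosts
            # accept an access token in the username position.
            "has_password": parts.password is not None,
            "redacted": f"{parts.scheme}://***@{host}{parts.path}",
        })
    return findings
```

Running it against every checkout that gets packaged into a web root or build artifact, and failing the build on any finding, catches the case before the `.git` directory is served.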