Y
Hacker News
new
|
ask
|
show
|
jobs
by
Everdred2dx
454 days ago
How does this siphon the secrets away? It looks like it just dumps them out to stdout and stops there.
1 comments
varunsharma07
454 days ago
Yes, just prints to the build log, so the risk is higher for public repos. Lot of public repos have creds printed in their build logs due to this compromised action.
link