by
securesaml
39 days ago
Nice find. The tokens being leaked in the Actions log was not one of the security implications I thought of when they released the feature.
How many other actions/libraries do you think are vulnerable?
damienwebdev
39 days ago
I don't have an exact count, but during my analysis, I found that ~40 of the top 100 starred repos in the PHP ecosystem were impacted. Primarily by jobs that run `on: schedule` or by a maintainer with an `on: push`.
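A stdlib-only triage script for the kind of survey described in the reply above, added here as an example that is not part of the thread and not either commenter's own tooling: it pulls the event names out of each workflow's top-level `on:` key (scalar, flow-list and block forms) and flags workflows using the triggers the reply names (`schedule`, `push`) so a human can review them. The thread does not say that those triggers alone make a workflow vulnerable, and the script makes no such claim; the workflow texts and repository paths below are constructed for the example, and the function names are my own.

```python
import re

# Trigger events the reply names as the common pattern among impacted repos.
# Assumption of this example: a workflow with one of these triggers is worth a
# manual look; the thread does not say the trigger alone makes it vulnerable.
TRIGGERS_OF_INTEREST = frozenset({"schedule", "push"})

# Top-level `on:` line (also accepts the quoted key), capturing any inline value
# and ignoring a trailing comment.
_ON_LINE = re.compile(r'^(?:on|"on"|\'on\'):[ \t]*(.*?)[ \t]*(?:#.*)?$')
# An indented mapping key such as `  schedule:`; list items (`- cron:`) do not match.
_KEY_LINE = re.compile(r'^([ \t]+)([A-Za-z_][A-Za-z0-9_]*):')


def workflow_triggers(yaml_text: str) -> frozenset[str]:
    """Return the event names under a workflow's top-level `on:` key.

    Deliberately minimal (no PyYAML dependency); handles the three common forms:
      on: push
      on: [push, schedule]
      on:
        push:
          branches: [main]
        schedule:
          - cron: "0 3 * * *"
    """
    lines = yaml_text.splitlines()
    for idx, line in enumerate(lines):
        m = _ON_LINE.match(line)
        if not m:
            continue
        value = m.group(1)
        if value.startswith("[") and value.endswith("]"):
            # Flow list: `on: [push, schedule]`
            return frozenset(
                v.strip().strip("'\"") for v in value[1:-1].split(",") if v.strip()
            )
        if value:
            # Single scalar: `on: push`
            return frozenset({value.strip("'\"")})
        # Block form: collect keys at the first indentation level under `on:`,
        # stopping at the next unindented (top-level) key.
        found = set()
        block_indent = None
        for nxt in lines[idx + 1:]:
            if not nxt.strip() or nxt.lstrip().startswith("#"):
                continue
            if not nxt[0].isspace():
                break
            km = _KEY_LINE.match(nxt)
            if not km:
                continue
            indent = len(km.group(1).expandtabs(2))
            if block_indent is None:
                block_indent = indent
            if indent == block_indent:
                found.add(km.group(2))
        return frozenset(found)
    return frozenset()


def flag_workflows(workflows: dict[str, str]) -> dict[str, frozenset[str]]:
    """Map workflow path -> the triggers of interest it uses (only flagged ones)."""
    flagged = {}
    for path, text in workflows.items():
        hits = workflow_triggers(text) & TRIGGERS_OF_INTEREST
        if hits:
            flagged[path] = hits
    return flagged


# Constructed sample workflows (not taken from any real repository).
SAMPLE_WORKFLOWS = {
    "repo-a/.github/workflows/nightly.yml": """\
name: nightly
on:
  schedule:
    - cron: '0 3 * * *'
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
""",
    "repo-b/.github/workflows/ci.yml": """\
name: ci
on: [pull_request, push]  # runs on maintainer pushes too
jobs:
  test:
    runs-on: ubuntu-latest
""",
    "repo-c/.github/workflows/review.yml": """\
name: review
on: pull_request
jobs:
  lint:
    runs-on: ubuntu-latest
""",
}

if __name__ == "__main__":
    for path, hits in flag_workflows(SAMPLE_WORKFLOWS).items():
        print(f"{path}: review ({', '.join(sorted(hits))})")
```

In practice you would feed `flag_workflows` the contents of every `.github/workflows/*.yml` in the repositories under study; the flagged list is the starting point for the manual check of what each job does with its token, which is the part the thread does not spell out.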