✉️ Sign up for the mailing list ✉️
https://mailing.bugbountyexplained.com/
Get $100 in credits for Digital Ocean
https://m.do.co/c/cc700f81d215
This video is an explanation of a critical vulnerability in GitHub Actions that was found by Teddy Katz. He received $25,000 from the GitHub bug bounty program.
Report:
https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html
Reporter's Twitter:
Follow me on Twitter:
https://twitter.com/gregxsunday
Timestamps:
00:00 Intro
00:38 What is a commit, branch, fork and PR?
03:15 A pull request with a commit as base
04:23 GitHub Actions
07:14 The exploit