This video explains a critical vulnerability in GitHub that was found by Teddy Katz. He received $25,000 from the GitHub bug bounty program.

Report:
https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html
Reporter’s Twitter:

Follow me on Twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:38 What is a commit, branch, fork and PR?
03:15 A pull request with commit as base
04:23 GitHub Actions
07:14 The exploit
