Covered by 1 source · 1 report · High impact

Flaws in Cordyceps CI/CD Expose 300+ GitHub Repositories to Cyber Attacks

Aggregated by BrevFeed security · updated 4d ago

Researchers identified a CI/CD vulnerability, codenamed Cordyceps, affecting over 300 repositories on GitHub. The flaw lets unauthenticated attackers hijack repository workflows, exposing the software supply chains of major organizations such as Microsoft and Google.

Key points

Overview of Cordyceps Vulnerability

Cybersecurity researchers from Novee Security have discovered a serious flaw in CI/CD workflows, termed 'Cordyceps'. This vulnerability allows unauthenticated attackers to hijack workflows and potentially compromise open-source supply chains.

Scope and Impact

The vulnerability was found in more than 300 repositories out of a scan of around 30,000 high-impact repositories belonging to organizations such as Microsoft, Google, Apache, and Cloudflare. It lets attackers execute code in the CI environment, steal credentials, and cause severe supply chain compromises.

How the Flaw Works

The root cause is weak CI/CD configuration: workflows grant pull requests (PRs) overly broad permissions, so untrusted, attacker-supplied data from a PR reaches privileged workflow steps. The consequences are command injection into CI scripts and privilege escalation to the credentials the workflow holds.

Specific Cases Detected

In Microsoft's Azure Sentinel repository, a pull request could run attacker code that harvests sensitive tokens. In Apache Doris and the Cloudflare Workers SDK, a single comment or a crafted branch name was enough to execute attacker-chosen commands inside the projects' CI environments.
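The two weak patterns behind the cases above (untrusted PR data expanded into a shell step, and a privileged trigger that checks out the contributor's code) are easiest to see in a workflow file. What follows is an added example, not code from the article or from Novee Security's research tooling: a small, line-based audit of GitHub Actions workflow YAML that flags both patterns, run against a constructed weak workflow and its hardened counterpart. The repository, script name, trigger combination and the list of untrusted event fields are assumptions made for the example (the list is illustrative, not exhaustive), and the scan is a deliberately simple text pass rather than a full YAML parser.

```python
import re

# Added example, not code from the article or from Novee Security: a line-based audit of
# GitHub Actions workflow YAML for the two weak patterns described above (samples are constructed).
UNTRUSTED_CONTEXTS = (  # event fields an external contributor controls (illustrative, not exhaustive)
    "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.pull_request.head.ref", "github.event.issue.title",
    "github.event.comment.body", "github.head_ref")
PRIVILEGED_TRIGGERS = ("pull_request_target", "issue_comment", "workflow_run")  # write token + secrets
UNTRUSTED_CHECKOUT_REFS = ("github.event.pull_request.head", "github.head_ref")  # the PR author's code
EXPR_RE = re.compile(r"\$\{\{(.*?)\}\}")
RUN_RE = re.compile(r"^(\s*(?:-\s*)?)run:\s*(.*)$")

def find_privileged_triggers(text):
    """Privileged events named under the top-level `on:` key (its line plus the indented block below it)."""
    m = re.search(r"^on:(.*(?:\n[ \t]+.*)*)", text, re.M)
    return sorted(t for t in PRIVILEGED_TRIGGERS if re.search(rf"\b{t}\b", m.group(1))) if m else []

def find_expression_injections(text):
    """(line_no, context) wherever an untrusted context is expanded inside a `run:` script."""
    findings, run_indent = [], None  # run_indent: indent of `run:` while inside a block scalar
    for no, line in enumerate(text.splitlines(), 1):
        m = RUN_RE.match(line)
        if m:
            run_indent = len(m.group(1)) if m.group(2).strip() in ("|", "|-", ">", ">-") else None
        elif run_indent is None or (line.strip() and len(line) - len(line.lstrip()) <= run_indent):
            run_indent = None
            continue  # not inside any run: script
        for expr in EXPR_RE.findall(line):
            ctx = next((c for c in UNTRUSTED_CONTEXTS if c in expr), None)
            if ctx:
                findings.append((no, ctx))
    return findings

def find_untrusted_checkout(text):
    """Line numbers of actions/checkout steps whose `ref:` is the PR head."""
    findings, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        if "uses:" not in line or "actions/checkout" not in line:
            continue
        for j in range(i + 1, len(lines)):
            nxt, indent = lines[j], len(lines[j]) - len(lines[j].lstrip())
            if re.match(r"^\s*-\s", nxt) or (nxt.strip() and indent < line.index("uses:")):
                break  # next step or next job
            if re.match(r"^\s*ref:", nxt) and any(r in nxt for r in UNTRUSTED_CHECKOUT_REFS):
                findings.append(j + 1)
    return findings

def audit(text):
    """Combine the checks; a privileged trigger is what turns an injection into a full hijack."""
    privileged = find_privileged_triggers(text)
    sev = "HIGH" if privileged else "MEDIUM"
    out = [f"{sev} line {n}: {c} expanded in a run: script (command injection)"
           for n, c in find_expression_injections(text)]
    if privileged:
        out += [f"HIGH line {n}: PR head checked out under {'/'.join(privileged)} (attacker code gets the token)"
                for n in find_untrusted_checkout(text)]
    return out

# Constructed weak workflow: privileged triggers, write-all token, PR head checked out,
# and PR title / comment body expanded straight into shell (script path is hypothetical).
VULNERABLE = """\
on:
  pull_request_target:
    types: [opened, synchronize]
  issue_comment:
permissions: write-all
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: |
          echo "Triaging: ${{ github.event.pull_request.title }}"
          ./scripts/label.sh "${{ github.event.comment.body }}"
"""

# Constructed hardened version: unprivileged pull_request trigger, least-privilege token,
# default (merge) ref checked out, untrusted text passed through an env var rather than shell syntax.
HARDENED = """\
on:
  pull_request:
permissions:
  contents: read
  pull-requests: write
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Triaging: $PR_TITLE"
"""
```

Calling audit(VULNERABLE) reports three HIGH findings (two injected contexts in the run step and the PR-head checkout under pull_request_target/issue_comment); audit(HARDENED) reports none. The hardened file fixes the problem at three layers at once, which is the point worth copying: the untrusted value is bound to an environment variable so the shell sees data rather than syntax, the job runs on the unprivileged pull_request event so a fork's code cannot reach a write token or secrets, and the permissions block grants only what the labelling step needs.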

Conclusion

The findings underscore the need for rigorous auditing of CI/CD workflow definitions: the vulnerable workflows sit in foundational open-source projects that most organizations depend on, and conventional security scans may not detect them.

This summary was generated by AI from the outlets' reporting it aggregates. It is not independently verified and may contain errors; check the original sources.
