Search Results: CICDSecurity

Cloud Build TOCTOU Flaw: How a GitHub Race Condition Bypassed CI/CD Security

A critical Time-of-Check-to-Time-of-Use (TOCTOU) vulnerability in Google Cloud Build's GitHub integration allowed attackers to hijack privileged CI/CD pipelines by exploiting a race condition in the maintainer approval step. The $30,000-bounty flaw demonstrates how subtle timing gaps in DevOps toolchains can become dangerous privilege escalation vectors.

GitLab CI/CD Pipeline Tokens Vulnerable to Stealthy Exposure via API, Researcher Warns

Security researcher 'sellathechemist' reveals a critical flaw in GitLab's handling of CI/CD pipeline tokens, demonstrating how these sensitive credentials can be silently exfiltrated via the GitLab API without triggering permission checks. This vulnerability exposes pipelines to impersonation attacks and unauthorized repository access, posing a significant threat to software supply chains.