"The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub."
https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/
#security #infosec #netsec #supplychain #python #pypi
dethos / Gonçalo Valério
npub1c8…lvmv9
2024-07-12 10:25:11
Author Public Key
npub1c86s34sfthe0yx4dp2sevkz2njm5lqz0arscrkhjqhkdexn5kuqqtlvmv9Published at
2024-07-12 10:25:11Event JSON
{
"id": "70bca0ba1e9a7a58de6549191a12ed8e343ddf39587efa7c5f4c677f99b75173",
"pubkey": "c1f508d6095df2f21aad0aa196584a9cb74f804fe8e181daf205ecdc9a74b700",
"created_at": 1720779911,
"kind": 1,
"tags": [
[
"t",
"security"
],
[
"t",
"infosec"
],
[
"t",
"netsec"
],
[
"t",
"supplychain"
],
[
"t",
"python"
],
[
"t",
"pypi"
]
],
"content": "\"The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub.\"\n\nhttps://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/\n\n#security #infosec #netsec #supplychain #python #pypi",
"sig": "cc5eb336320171241a84ef79f05f84ac8d1960ee8b9827c0abbee491e2ca9e881eae9fbdff9fb69e874470230307f549c165ec5fcf4bfa898274a83d2d59a67d"
}