If you have a public GitHub repo, you have a public GitHub repo.
securityweek.com/github-actions-artifacts-leak-tokens-and-expose-cloud-services-and-repositories/
If you use CI/CD, all of that data is public too.
By design, but easy to overlook.
Real Aetherness /
npub1wj…jn95j
2024-08-20 09:42:42
Author Public Key
npub1wj863g5d8grekajsm6ggsuu63n3klk7kmqasq3t9k9sf0paauwgq3jn95jPublished at
2024-08-20 09:42:42Event JSON
{
"id": "129ab35219ccbb4bf5cd81e455c68055dbc9e73d379151a75801d944275ad298",
"pubkey": "748fa8a28d3a079b7650de9088739a8ce36fdbd6d83b004565b1609787bde390",
"created_at": 1724146962,
"kind": 1,
"tags": [
[
"proxy",
"https://poa.st/objects/84734ae3-e3ba-46e6-af53-fba3f166c6f8",
"activitypub"
]
],
"content": "If you have a public GitHub repo, you have a public GitHub repo. \n\nsecurityweek.com/github-actions-artifacts-leak-tokens-and-expose-cloud-services-and-repositories/\n\nIf you use CI/CD, all of that data is public too.\n\nBy design, but easy to overlook.",
"sig": "841dae0e966bccb3ae90880452d58a178eb19ce7d4071a04c9eebbc16d6a198db9ca621ee9b13e4ae58fc490bfd3f2ec72b6f6b99758c99c2098a2e4e0f69bf8"
}