Hi,
We found a critical vulnerability in one of the CI workflows in this repo. The repository remains vulnerable, allowing an attacker to exfiltrate secrets and a highly privileged GITHUB_TOKEN, potentially compromising the overall repository content. This would impact all the repo users.
We are happy to coordinate for full disclosure and receive a proper CVE via GitHub Security Advisory (GHSA).