How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories

research.kudelskisecurity.com

How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories

research.kudelskisecurity.com

JaromilMA to

Cyber Security · 6 months ago

In this blog post, we explain how we got remote code execution (RCE) on CodeRabbit’s production servers, leaked their API tokens and secrets, how we could have accessed their PostgreSQL datab…

You must log in or # to comment.

Chat

Cyber Security

cybersec

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !cybersec@fed.dyne.org

🕵🏿 Surveillance, Information security, Cybersecurity, Interoperability, Analytics, Data tracking, Digital Disinformation, Decentralised Finance, Algorithmic Sovereignty & Privacy By Design.

Questions and answers are encouraged. Be excellent to each other. 🕊️

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
6 users / week
6 users / month
32 users / 6 months
7 local subscribers
136 subscribers
59 Posts
25 Comments
Modlog