docs: audits: add another env hacking reference (woodruffw#266)
woodruffw authored Dec 9, 2024
1 parent 70f9368 commit 2e7b95e
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions docs/audits.md
Expand Up @@ -684,6 +684,7 @@ Other resources:
* [GitHub Actions exploitation: environment manipulation]
* [GHSL-2024-177: Environment Variable injection in an Actions workflow of Litestar]
* [Google & Apache Found Vulnerable to GitHub Environment Injection]
* [Hacking with Environment Variables]

### Remediation

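Review bot: The new bullet at line 687 has the only title in this list that does not mention GitHub, Actions or a specific advisory, so a reader skimming "Other resources" cannot tell why it belongs under this audit. Consider adding a short trailing phrase after the link saying what it covers and how it relates to environment injection in workflows, so the entry is as self-explanatory as its neighbours.
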
Expand All @@ -709,3 +710,4 @@ If you need to pass state between steps, consider using `GITHUB_OUTPUT` instead.
[GHSL-2024-177: Environment Variable injection in an Actions workflow of Litestar]: https://securitylab.github.com/advisories/GHSL-2024-177_Litestar/
[Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline]: https://www.legitsecurity.com/blog/github-privilege-escalation-vulnerability
[Google & Apache Found Vulnerable to GitHub Environment Injection]: https://www.legitsecurity.com/blog/github-privilege-escalation-vulnerability-0
[Hacking with Environment Variables]: https://www.elttam.com/blog/env/
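
Review bot: The label in the new definition at line 713 has to stay character-for-character identical to the bullet text added at line 687, because these are reference-style links and a mismatch would render as literal brackets instead of a link. The two match in this change. If the docs build has a strict or link-checking mode, it is worth confirming it is enabled so that a later rename of one side fails the build rather than shipping a dead reference.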
