Google Project Zero (GPZ) finds security flaw in GitHub,Systems,Security/Firewalls

public Websites        
app_shortcut Software / Apps
devices Hardware / Gadgets
hub Networks
system_update_alt Systems
feedBlog 
starInnovators

public 
app_shortcut 
devices
hub 
system_update_alt 
feed 
star

        Adv

Google Project Zero (GPZ) finds security flaw in GitHub3rd Nov 2020 | category: Security/Firewalls  |  Hits: 2137 
Google's Project Zero in July found a security flaw in Microsoft's GitHub. The bug relates to GitHub Actions' workflow commands and is described as being high severity.

As the runner process parses every line printed to STDOUT looking for workflow commands, every GitHub action that prints untrusted content as part of its execution is vulnerable. In most cases, the ability to set arbitrary environment variables results in remote code execution as soon as another workflow is executed,"

GitHub failed to fix the bug as per the standard 90-day disclosure period thus being made public. Since 2014 GPZ publishes a vulnerability in a certain vendor's software or Hardware, they always notice the owners before making it public.However, GitHub in their defence on 1st October made a press release on their blog.

"A moderate security vulnerability has been identified in the GitHub Actions runner that can allow environment variable and path injection in workflows that log untrusted data to STDOUT. This can result in environment variables being introduced or modified without the intention of the workflow author."
see more here Github Blog

                    Tags:
                           Security 
                                            Cybersecurity 
                      
                    Share link: 
                    
                                 Share
                                
                                  share
                                
                                 WhatsApp
                                
Related Posts
                            What Is the Difference Between SDD and HDD
                            Howto stop vulnerable Open Memcached on a Zimbra Server.
                            YES! USB Photo Album Voice Recorder
                            Google Chrome: Howto Reset Browsing History from your Browser
                            Howto launch elevated Commandline and change date and time
                            Howto Create a Distribution List or Mailing List in Zimbra mail server
                            How-to share a broadband internet connection on more than one computer.
                            Toshiba Introduces The Qosmio X500 Gaming Laptop.
                            How safe is your Preferred Android Lock Screen Method?
                            Dell's New 10.1inch Inspiron Duo is a true Convertible!
                    
Adv