How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories

research.kudelskisecurity.com

cross-posted to:
Technology@programming.dev
cybersec@fed.dyne.org
security@lemmy.ml
hackernews@lemmy.bestiver.se

How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories

research.kudelskisecurity.com

Tiff@reddthat.com to

TechSploits@reddthat.comEnglish · 20 days ago

cross-posted to:
Technology@programming.dev
cybersec@fed.dyne.org
security@lemmy.ml
hackernews@lemmy.bestiver.se

In this blog post, we explain how we got remote code execution (RCE) on CodeRabbit’s production servers, leaked their API tokens and secrets, how we could have accessed their PostgreSQL datab…

You must log in or # to comment.

Chat