Back to directory

WRITEUP #3863

Gain write permission of repositories with a bug in GitHub Actions

Logic BugBroken Access ControlLogic flaw

by@tyage(tyage)

Bounty

25,000

Program

GitHub

Published

Apr 2, 2021

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://blog.tyage.net/posts/2021-04-02-improper-access-control-github-workflow/

▸ RELATED WRITEUPS

Logic Flaw: I Can Block You from Accessing Your Own Account

Logic BugLogic flaw

“Like” Bypass on Customer Reviews — €500 bounty

Logic BugLogic flaw

Vestaboard: Exploring Broken Access Controls and Privilege Escalation

Privilege EscalationBroken Access Control

How I Earned $469 Bounty: Bypassing Plan Restriction

Privilege EscalationBroken Access Control

Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat