Back to directory
WRITEUP #3905

Stealing arbitrary GitHub Actions secrets

Logic BugLogic flaw
by@not_aardvark(Teddy Katz)
Bounty
25,000
Program
GitHub
Published
Mar 17, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://blog.teddykatz.com/2021/03/17/github-actions-write-access.html
RELATED WRITEUPS
Logic Flaw: I Can Block You from Accessing Your Own Account
Logic BugLogic flaw
“Like” Bypass on Customer Reviews — €500 bounty
Logic BugLogic flaw
Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP
Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat