Source: medium.com
Attacking CI/CD Tools The Crown Jewels — Series 2Category: automation, shell
Automating to build projects based on pull requests is something DevOps teams cannot avoid in CI/CD pipelines. When you set up automated builds (also called auto builds), you create a list of branches and tags that you want to build.
In this blog post, we will see how internal users with no access to build servers harness automated build triggers to their advantage to gain access to the build servers and infrastructure.
The build doesn’t wait for a peer review and this is where an internal can harness this feature to their advantage.
Every time a build is invoked based on this container, it creates an avenue for the attacker to gain access to the build tool by initiating a connection to the attacker's machine.
In this blog post, we will see how internal users with no access to build servers harness automated build triggers to their advantage to gain access to the build servers and infrastructure.
The build doesn’t wait for a peer review and this is where an internal can harness this feature to their advantage.
Every time a build is invoked based on this container, it creates an avenue for the attacker to gain access to the build tool by initiating a connection to the attacker's machine.
Related Articles
Community Partners
DevOps Careers