On March 17, Teddy Katz, a bug bounty hunter and Google employee, published a write-up about a GitHub vulnerability he discovered in the communication between repositories and GitHub Actions, GitHub's workflow automation software.
The vulnerability, which enabled others to discover Actions secrets in GitHub repositories, has been fixed, and the researcher who found the bug was awarded a $25,000 bounty.