high

Google Cloud Data Fusion GitHub Actions Vulnerabilities

Published Thu, Sep 26th, 2024
Platforms

Summary

Multiple "pwn request" vulnerabilities were discovered in Google Cloud Data Fusion, which is based on open-source CDAP code. These vulnerabilities affect GitHub Actions and allow for remote code execution (RCE) and compromise of build artifacts. The issues potentially impact both the Google Cloud platform and GitHub's CI/CD infrastructure.

Affected Services

Cloud Data Fusion

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Entry Status
Stub (AI-Generated)
Disclosure Date
Fri, Aug 9th, 2024
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
Monitor GitHub Actions logs for suspicious activity. Review build artifacts for unexpected changes or injections. Implement security scanning for GitHub Actions workflows, especially those interacting with Google Cloud Data Fusion.
Piercing Index Rating
-
Discovered by
Google Bug Hunters