Google Cloud Data Fusion GitHub Actions Vulnerabilities
Published Thu, Sep 26th, 2024
Platforms
Summary
Multiple "pwn request" vulnerabilities were discovered in Google Cloud Data Fusion, which is based on open-source CDAP code. These vulnerabilities affect GitHub Actions and allow for remote code execution (RCE) and compromise of build artifacts. The issues potentially impact both the Google Cloud platform and GitHub's CI/CD infrastructure.
Monitor GitHub Actions logs for suspicious activity. Review build artifacts for unexpected changes or injections. Implement security scanning for GitHub Actions workflows, especially those interacting with Google Cloud Data Fusion.
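One way to implement the workflow scanning recommended above, as an added example that is not code from this advisory or from the CDAP project. It assumes the commonly described "pwn request" pattern: a workflow on a privileged trigger (`pull_request_target` or `workflow_run`) that checks out code controlled by the pull request author. The sample workflow is constructed.

```python
import re

# Triggers that run in the base repository's context (secrets, write token).
PRIVILEGED = re.compile(r"\b(pull_request_target|workflow_run)\b")
# Expressions that resolve to code supplied by the pull request author.
UNTRUSTED_REF = re.compile(
    r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref"
    r"|github\.event\.workflow_run\.head_(sha|branch)|refs/pull/"
)
CHECKOUT = re.compile(r"\buses:\s*actions/checkout@")
# The top-level `on:` section, up to the next top-level key.
ON_BLOCK = re.compile(r"^[\"']?on[\"']?\s*:.*?(?=^\S|\Z)", re.M | re.S)


def scan_workflow(text):
    """Return (line_number, ref_line) per risky checkout. Line-based heuristic."""
    lines = [l.split("#", 1)[0].rstrip() for l in text.splitlines()]
    m = ON_BLOCK.search("\n".join(lines))
    if not (m and PRIVILEGED.search(m.group())):
        return []  # unprivileged trigger: outside the pattern checked here
    findings = []
    for i, line in enumerate(lines):
        if not CHECKOUT.search(line):
            continue
        for j in range(i + 1, len(lines)):
            if lines[j].lstrip().startswith("- "):
                break  # next step begins, checkout used its default ref
            if UNTRUSTED_REF.search(lines[j]):
                findings.append((i + 1, lines[j].strip()))
                break
    return findings


# Constructed sample: privileged trigger plus checkout of the PR head commit.
SAMPLE = """\
on: pull_request_target
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: ./build.sh
"""

if __name__ == "__main__":
    print(scan_workflow(SAMPLE))
```

A finding means the workflow warrants manual review; the check does not follow reusable workflows or composite actions, so a clean result is not proof of safety.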