Monday , February 3 2025
graph

Researcher to exploit CI / CD pipelines gaining full server access

The CTO of Razz Security, Mukesh, recently exploited CI/CD pipelines to gain full server access which has its origins in the presence of an exposed .git directory on a publicly available web server. For this flaw, anyone could read and download the entire version control.

It is examined that, this particular configuration file contained sensitive user credentials, and as a result of this, it dramatically escalates the exploit chain further. Bad actor can potentially use these credentials to perform a full server takeover cloning the entire Git repository.

RedSentry presents
Hacked 101 Seminar Successfully Ended at UITS

The cybersecurity seminar "RedSentry presents: Hacked 101," organized by RedSentry with the University of Information Technology and Sciences (UITS) as...
Read More
RedSentry presents  Hacked 101 Seminar Successfully Ended at UITS

US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total...
Read More
US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

This week, multiple research teams showcased jailbreaks for popular AI models, including OpenAI's ChatGPT, DeepSeek, and Alibaba's Qwen. After its...
Read More
ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

Paragon Attack WhatsApp With New Zero-Click Spyware

WhatsApp reveiled on Friday that a "zero-click" spyware attack, linked to the Israeli company Paragon, has targeted many users globally,...
Read More
Paragon Attack WhatsApp With New Zero-Click Spyware

Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

At an all-hands meeting at Meta on Thursday, Mark Zuckerberg did not mention the company's $25 million settlement with Donald...
Read More
Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

Indian tech giant Tata Tech hit by ransomware attack

Tata Technologies reported a ransomware incident affecting some IT services, but it did not disrupt client deliveries, according to a...
Read More
Indian tech giant Tata Tech hit by ransomware attack

Vulnarabilitties found in Cisco webex and VMware Aria operation

A serious cybersecurity flaw in Cisco Webex Chat has been discovered, allowing unauthorized attackers to access the chat histories of...
Read More
Vulnarabilitties found in Cisco webex and VMware Aria operation

Microsoft to boost M365 bounty program rewards Up to $27,000

Microsoft has announced a major expansion of its Microsoft 365 Bounty Program. The program now covers new Viva products for...
Read More
Microsoft to boost M365 bounty program rewards Up to $27,000

DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek

Chinese AI startup DeepSeek has exposed two databases with sensitive user and operational information from its DeepSeek-R1 LLM model. Unsecured...
Read More
DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek

Microsoft brings DeepSeeK to Azure AI Foundry and GitHub

Microsoft has added DeepSeek’s R1 AI model to its Azure AI Foundry platform and GitHub. This lets customers easily integrate...
Read More
Microsoft brings DeepSeeK to Azure AI Foundry and GitHub

This allows an attacker to take full control of source code, it highlights the importance of properly securing version control systems in web environments. Razz security report reads, To gain unauthorized access to a production server an attacker exploited Bitbucket Pipelines, reads .

While discovering the pipeline configuration file threat actor modified it to include their own SSH (Secure Shell) public key in the server’s authorized_keys file.

The altered pipeline script used the atlassian/ssh-run:0.2.8 pipe to execute commands on the target server (damn.vulnerable.site) as the ‘ubuntu’ user.

This modification allowed the attacker to add their key using the command: “echo ssh-rsa AAAA…snip…sw== >> /home/ubuntu/.ssh/authorized_keys”.

The next pipeline run is triggered by a code push to the master branch, such types of changes allows the attacker to gain SSH access to the server.

With this foothold, bad actor took shell access and full control over the compromised server, while this includes the ability to execute arbitrary commands.

Moreover, they noted a potential privilege escalation vulnerability, and this flaw could lead to root access, further expanding their control over the system.

This exploit chain highlights the dangers of exposing sensitive directories, like the .git folder, to the public and abusing CI/CD pipelines.

Mitigations
Here below we have mentioned all the mitigations:-

Make sure to regularly monitor and review SSH key access.
Remove outdated or unnecessary SSH keys.
Block public access to your .git directory.

Check Also

Zyxel

CVE-2024-40891
Zyxel CPE Zero-Day Exploited in the Wild

Security researchers have alerted about ongoing exploitation attempts of a newly found zero-day command injection …

Leave a Reply

Your email address will not be published. Required fields are marked *