// 공격 벡터
CI/CD compromise
주요 공격 벡터가 CI/CD compromise로 분류된 모든 인덱싱 사고. 공개 일자 기준 정렬.
2건 인덱싱됨
- ·CRITICAL8.6·confirmed
CircleCI Session Token Breach (2023)
Malware on a CircleCI engineer's laptop stole a 2FA-backed session token, giving the attacker production access to customer environment variables and any secrets stored in CircleCI.
벡터 / CI/CD compromise플랫폼 / CircleCI, GitHub, AWS분량 / 3분 - ·CRITICAL9.2·confirmed
Codecov Bash Uploader Compromise (2021)
Threat actors modified Codecov's Bash Uploader to exfiltrate environment variables containing tokens, credentials, and keys from CI/CD pipelines across roughly 29,000 affected organizations.
벡터 / CI/CD compromise플랫폼 / Codecov, GitHub, GitLab, +1분량 / 4분