@anderssonjohan
Created September 2, 2020 12:39

Revisions

  1. anderssonjohan created this gist Sep 2, 2020.
    3 changes: 3 additions & 0 deletions eop_github_actions.svg
    4 changes: 4 additions & 0 deletions readme.md
    @@ -0,0 +1,4 @@
    Illustration of elevation of privilege vulnerability using GitHub Actions where GitHub Personal Access Tokens (PAT)
    are used to trigger the repository_dispatch event, which requires write access to the target repository.
    With write access to the repo, the access allows creating workflows that prints the secrets in the target repository,
    which may contain GitHub secrets on the repo level or org level secrets only given out to selected repositories.
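
Review bot: the readme calls itself an illustration but never links or embeds eop_github_actions.svg, which is added in the same revision, so a reader of readme.md alone has no pointer to the diagram; suggest referencing the file on the first line. On the third added line, "workflows that prints the secrets" should read "workflows that print the secrets". The last line, "which may contain GitHub secrets on the repo level or org level secrets", is circular as written (secrets that may contain secrets); something like "which may include repo-level secrets or org-level secrets shared only with selected repositories" states the exposure more clearly. It would also help to say which party holds the PAT and to add a sentence on the intended mitigation, since the text describes the escalation path but stops before any guidance.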