github actions vulnerability or "why bug bounties are a scam" (intermediate) anthony explains
Author: anthonywritescode
Uploaded: 2021-01-18
Views: 1969
Description:
today I talk about a vulnerability I found in github actions involving the `pull_request_target` feature and how it escalates to credential access / full repository access. I found over ~350 vulnerable repositories including ones owned by google, amazon, microsoft, alibaba, psf and more and document my experience (or lack thereof) with bug bounty programs.
more information on this vulnerability:
github's blog post about it: https://securitylab.github.com/resear...
proof of concept repository: https://github.com/throwaway-gha/gha-... (archived because otherwise you can exploit it!)
previous `set-env` / `add-path` vulnerability information: https://bugs.chromium.org/p/project-z...
sponsor me on github: https://github.com/sponsors/asottile
playlist: • anthony explains
==========
twitch: / anthonywritescode
discord: / discord
twitter: / codewithanthony
github: https://github.com/asottile
stream github: https://github.com/anthonywritescode
I won't ask for subscriptions / likes / comments in videos but it really helps the channel. If you have any suggestions or things you'd like to see please comment below!
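Below is an added illustration of the workflow pattern the video is about; it is not taken from the video, the GitHub blog post, or the archived proof-of-concept repository, and the workflow names, step contents and package manager are placeholders. A `pull_request_target` workflow runs in the context of the base repository, so it receives a `GITHUB_TOKEN` with write access and can read repository secrets. If that workflow then checks out the pull request head and executes anything the PR author controls (an install script, a test suite, a linter config), the PR author's code runs with that token. The second document shows the plain `pull_request` trigger, where fork PRs get a read-only token and no secrets.

```yaml
# Added example, not from the video or the PoC repository.
# Names and commands are placeholders.

# --- VULNERABLE ---
# pull_request_target: job runs with the base repo's write-capable
# GITHUB_TOKEN and has access to repository secrets.
name: ci (vulnerable)
on: pull_request_target
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          # Checks out UNTRUSTED code from the fork into the workspace.
          # actions/checkout also writes the token into .git/config by
          # default (persist-credentials: true), so the PR's code can read it.
          ref: ${{ github.event.pull_request.head.sha }}
      # Both of these execute code controlled by the PR author
      # (setup.py / pyproject hooks, the test files themselves).
      - run: pip install -e .
      - run: pytest

---
# --- SAFER ---
# Use the plain pull_request trigger for anything that builds or runs
# PR-controlled code. For fork PRs the token is read-only and secrets
# are not exposed.
name: ci (safer)
on: pull_request
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2   # checks out the PR merge commit by default
      - run: pip install -e .
      - run: pytest
```

If `pull_request_target` is genuinely needed (for example to comment on or label a PR from a fork), keep that job from checking out or executing the PR head at all; combining the privileged trigger with untrusted code is the step that turns a CI job into a credential leak.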