TLDR:

- A security researcher abused CI/CD pipelines to gain full server access, starting from a security flaw in an exposed .git directory.
- The attacker modified a pipeline configuration file to obtain SSH access to the server, and eventually shell access and full control over the compromised server.

A potentially dangerous security flaw was identified when an exposed .git directory on a publicly available web server allowed an attacker to read and download sensitive user credentials. The attacker then modified a pipeline configuration file to gain SSH access to the server, and ultimately obtained shell access and full control over the compromised server. This exploit chain highlights the risks of exposing sensitive directories and misconfiguring CI/CD pipelines.

To mitigate these risks, it is important to regularly monitor SSH key access, remove outdated or unnecessary SSH keys, and block public access to .git directories.
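
The following audit sketch is an added example, not code from the original write-up. It covers the host-side mitigations above: it finds .git repositories sitting inside a web document root and lists authorized_keys entries whose fingerprints are not on an approved list. The web root path, the approved-fingerprint set and the key material in the demo are constructed assumptions.

```python
import base64, hashlib, os

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key type names

def find_git_dirs(webroot):
    """Return .git repositories under a document root, relative to that root."""
    hits = []
    for dirpath, dirnames, _ in os.walk(webroot):
        if ".git" in dirnames:
            git_dir = os.path.join(dirpath, ".git")
            # A HEAD file marks a real repository rather than a stray folder.
            if os.path.isfile(os.path.join(git_dir, "HEAD")):
                hits.append(os.path.relpath(git_dir, webroot))
            dirnames.remove(".git")  # do not descend into the repository itself
    return sorted(hits)

def fingerprint(b64_blob):
    """SHA256 fingerprint in the unpadded form that `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unapproved_keys(authorized_keys_text, approved):
    """Return (line_no, fingerprint, comment) for each key not in `approved`."""
    findings = []
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type; key blobs always start with "AAAA".
        idx = next((i for i, f in enumerate(fields[:-1])
                    if f.startswith(KEY_TYPES) and fields[i + 1].startswith("AAAA")), None)
        if idx is None:
            continue
        fp = fingerprint(fields[idx + 1])
        if fp not in approved:
            findings.append((n, fp, " ".join(fields[idx + 2:])))
    return findings

if __name__ == "__main__":
    # Constructed sample: two placeholder key blobs, only the first is approved.
    blob = lambda b: base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519" + b * 36).decode()
    sample = "ssh-ed25519 %s ci@build\nssh-ed25519 %s old-laptop\n" % (blob(b"\x01"), blob(b"\x02"))
    for finding in unapproved_keys(sample, {fingerprint(blob(b"\x01"))}):
        print("unapproved key:", finding)
    # "/var/www/html" is an assumed document root; adjust for the host.
    print("repositories in web root:", find_git_dirs("/var/www/html"))
```

Any path the first check reports should be moved out of the document root or denied at the web server, and any key the second check reports should be confirmed with its owner or removed.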