/
2022-05-30 Phishing PRs
2022-05-30 Phishing PRs
- Sally MacFarlane
Owned by Sally MacFarlane
Last updated: Jun 12, 2024
May 30 2022: several suspicious (closed) PRs were noticed (on besu and other non-hyperledger repos). Several attempts to add a command to our Circle CI jobs that would retrieve contents of environment variables and send to a remote server.
User was reported to github (and has been removed)
Issue reported to Circle CI and they reported back:
secrets were not exposed
Recommend disabling this CI setting: Pass secrets to builds from forked pull requests
Recommend rotating credentials
Unfortunately, disabling the "pass secrets to forked PRs" means that Sonar can't run on PRs
- plan is to temporarily disable this while we figure out a solution
, multiple selections available,
Related content
2022-01-28 Meeting Minutes
2022-01-28 Meeting Minutes
More like this
2021-12-13 Meeting Minutes
2021-12-13 Meeting Minutes
More like this
2023-08-08 Cacti Maintainers Agenda
2023-08-08 Cacti Maintainers Agenda
More like this
2022 Q3 Hyperledger Cactus
2022 Q3 Hyperledger Cactus
More like this
2021 Q1 Hyperledger Besu
2021 Q1 Hyperledger Besu
More like this