adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank

Preview meta tags from the adnanthekhan.com website.

Linked Hostnames

Thumbnail

Search Engine Appearance

Google

https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank

An Obscure Actions Workflow Vulnerability in Google's Flank

Introduction Recently, I reported a “Pwn Request” vulnerability in Google’s Flank repository. Flank is described as a “Massively parallel Android and iOS test runner for Firebase Test Lab” and is an official Google open source project. The vulnerability allowed anyone with a GitHub Account to steal Google service account credentials which were used as a repository secret along with obtaining access to a GITHUB_TOKEN with write access. Google’s VRP rewarded me with a $7,500 bug bounty for this report as a Software Supply Chain compromise under the “Standard OSS Project” tier.

Bing

An Obscure Actions Workflow Vulnerability in Google's Flank

https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank

DuckDuckGo

https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank

An Obscure Actions Workflow Vulnerability in Google's Flank

General Meta Tags
13
- title
  An Obscure Actions Workflow Vulnerability in Google's Flank | Adnan Khan's Blog
- charset
  utf-8
- X-UA-Compatible
  IE=edge
- viewport
  width=device-width, initial-scale=1, shrink-to-fit=no
- robots
  index, follow
Open Graph Meta Tags
7
- og:url
  https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank/
- og:site_name
  Adnan Khan's Blog
- og:title
  An Obscure Actions Workflow Vulnerability in Google's Flank
- og:description
  Introduction Recently, I reported a “Pwn Request” vulnerability in Google’s Flank repository. Flank is described as a “Massively parallel Android and iOS test runner for Firebase Test Lab” and is an official Google open source project. The vulnerability allowed anyone with a GitHub Account to steal Google service account credentials which were used as a repository secret along with obtaining access to a GITHUB_TOKEN with write access. Google’s VRP rewarded me with a $7,500 bug bounty for this report as a Software Supply Chain compromise under the “Standard OSS Project” tier.
- og:locale
  en-us
Twitter Meta Tags
4
- twitter:card
  summary_large_image
- twitter:image
  https://adnanthekhan.com/wp-content/uploads/2024/03/image-1.png
- twitter:title
  An Obscure Actions Workflow Vulnerability in Google's Flank
- twitter:description
  Introduction Recently, I reported a “Pwn Request” vulnerability in Google’s Flank repository. Flank is described as a “Massively parallel Android and iOS test runner for Firebase Test Lab” and is an official Google open source project. The vulnerability allowed anyone with a GitHub Account to steal Google service account credentials which were used as a repository secret along with obtaining access to a GITHUB_TOKEN with write access. Google’s VRP rewarded me with a $7,500 bug bounty for this report as a Software Supply Chain compromise under the “Standard OSS Project” tier.
Link Tags
7
- apple-touch-icon
  https://adnanthekhan.com/apple-touch-icon.png
- canonical
  https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank/
- icon
  https://adnanthekhan.com/favicon.ico
- icon
  https://adnanthekhan.com/favicon-16x16.png
- icon
  https://adnanthekhan.com/favicon-32x32.png
Website Locales
1
- en
  https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank/

adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank

Linked Hostnames

Thumbnail

Search Engine Appearance

Google

An Obscure Actions Workflow Vulnerability in Google's Flank

Bing

An Obscure Actions Workflow Vulnerability in Google's Flank

DuckDuckGo

An Obscure Actions Workflow Vulnerability in Google's Flank

General Meta Tags

Open Graph Meta Tags

Twitter Meta Tags

Link Tags

Website Locales

Links