How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories

research.kudelskisecurity.com

In this blog post, we explain how we got remote code execution (RCE) on CodeRabbit’s production servers, how we leaked their API tokens and secrets, how we could have accessed their PostgreSQL database, and how we obtained read and write access to 1 million code repositories, including private ones.