Researcher Hacks CI/CD Pipelines for Full Server Access

A publicly exposed `.git` directory, a common oversight in modern development, served as the initial vulnerability: it contained sensitive information, including source code and commit history. By leveraging the exposed commit history, an attacker was able to identify a specific commit that included a vulnerable version of a dependency containing a known remote code execution …