Supply chain, Third-party code, DevSecOps

Supply chain attacks possible with TensorFlow CI/CD misconfigurations

TensorFlow instances on GitHub and PyPi could have been subjected to supply chain attacks involving the exploitation of continuous integration and continuous delivery vulnerabilities within the open-source machine learning framework, reports The Hacker News.

Aside from enabling malicious GitHub deployments, successful attacks could also facilitate remote code execution on self-hosted GitHub runners, as well as GitHub Personal Access Token retrieval, according to a report from Praetorian. Further investigation revealed old fork pull requests on TensorFlow workflows on self-hosted runners, which prompted CI/CD workflows even without approval, as well as the presence of a non-ephemeral self-hosted runner and GITHUB_TOKEN having write permissions in workflow logs. Moreover, malicious Python files could also be injected into packages through the use of the AWS_PYPI_ACCOUNT_TOKEN.

"An attacker could also use the GITHUB_TOKEN's permissions to compromise the JENKINS_TOKEN repository secret, even though this secret was not used within workflows that ran on the self-hosted runners," added researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds