25 Methods for Pipeline Attacks

Jan 26, 2025

∙ Paid

Add Approver using Admin permission on CI

Unauthorized Approver Addition

In this scenario, an attacker with admin permissions on the CI pipeline adds an unauthorized user as an approver, potentially bypassing necessary security checks.

# Add unauthorized user as an approver
ci-tool add-approver --pipeline pipeline-name --user unauthorized-user

Exploiting We…

Keep reading with a 7-day free trial

Subscribe to RedTeamGuides to keep reading this post and get 7 days of free access to the full post archives.

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts