Hacked pipelines defaced Microsoft's WSL repository with pro-Palestine messages

chobeat@lemmy.ml · 3 days ago

Hacked pipelines defaced Microsoft's WSL repository with pro-Palestine messages

imnapr@discuss.tchncs.de · 3 days ago

based

Zenlix@lemm.ee · 3 days ago

How can such thing happen? Was an account hacked that had the permissions?

BlackEco@lemmy.blackeco.com · 3 days ago

Most likely someone submitted a pull request that abused the GitHub token of the Action running on new PRs in order to edit all the other pull requests.

chobeat@lemmy.ml · 3 days ago

It could also be an inside job. Anti-genocide resistance within Microsoft is quite strong and active.

azron@lemmy.ml · 3 days ago

Hacked pipeline? These are just pull requests anyone can submit them.

BlackEco@lemmy.blackeco.com · edit-2 3 days ago

If you watch the PRs history, you can see that the user github-actions edited them. This user is the default one when a GitHub Action (the pipeline OP refers to) alters the repo. So someone probably submitted a pull request abusing the GitHub token when the Action ran on their PR.

amino@lemmy.blahaj.zone · 3 days ago

based

Hacked pipelines defaced Microsoft's WSL repository with pro-Palestine messages

Hacked pipelines defaced Microsoft's WSL repository with pro-Palestine messages

Pull requests · microsoft/WSL