Supply Chain Incident
Codecov Bash Uploader credential exfiltration
The Codecov Bash Uploader was modified by an attacker, enabling environment variable and credential exfiltration from affected CI environments.
ConfidenceHigh
Evidence LevelVendor
Attack StageCi Cd Compromise
Source Artifact DivergenceYes
Affected Packages
No structured records.
Affected Releases
No structured records.
Repositories
Organizations
Maintainers
No structured records.
Threat Actors
No structured records.
Campaigns
No structured records.
Build Systems
- Codecov Bash Uploader distribution pipeline
Distribution Channels
- Codecov Bash Uploader download path
Compromised Accounts
No structured records.
Connected Entities
- Codecov Organization
- Codecov Bash Uploader distribution pipeline Build System
- Codecov Bash Uploader download path Distribution Channel
- codecov/codecov-bash Repository
References
- Bash Uploader Security Update Codecov · 2021-04-15