Novee Security Exposes CI/CD Flaws Across 300+ GitHub Repos

Security researchers at Novee Security found a class of CI/CD misconfiguration vulnerabilities they named "Cordyceps" that, according to The Hacker News, left over 300 high-profile GitHub repositories exposed to supply chain attacks. The flaw stems from CI/CD workflow configurations that grant pull requests excessive permissions, allowing untrusted code to trigger privileged workflows and enabling command injection, privilege escalation, and credential theft across downstream dependencies.

In a scan of approximately 30,000 repositories, Novee identified exploitable instances at Microsoft Azure Sentinel, Google's AI Agent Development Kit, Apache Doris, Cloudflare's Workers SDK, and the Python Software Foundation's Black formatter. The attack paths varied: at Microsoft Azure Sentinel, an attacker could execute anonymous code via a PR comment and steal non-expiring GitHub App keys; at Google's AI Agent Development Kit, a crafted pull request could give an attacker full authority over Google Cloud repositories; Apache Doris was exposed to zero-click attacks via PR comments or forked repositories that exfiltrated CI credentials with full write permissions. Microsoft and Google confirmed impact; Cloudflare, Python, and Apache applied patches and hardening measures following responsible disclosure.

Elad Meged, founding engineer at Novee Security, described the attack's accessibility plainly: "The flaw is exploitable by any unauthenticated user. No org membership or special privileges; a free account is enough to forge approvals, push code, or steal credentials."

The reporting does not say how many of the 300-plus repositories have since been patched, or whether any were exploited in the wild before Novee disclosed -- those are real gaps. A scan finding and an active exploitation are not the same thing, and the article does not address whether any harm occurred. But confirmed responses from both Microsoft and Google suggest the findings were substantive. For security teams, the more useful takeaway is that CI/CD misconfiguration of this type responds well to auditing: the patterns Novee identified are checkable, and any team running GitHub Actions can review workflow permission settings without waiting for a vendor patch.