CICD Token Scope Modification
ID | ci_token_scope
Severity | critical
Resource | Organization
Impact
Changes in the scope of a CI/CD token can impact the level of access and actions that the token can perform within your CI/CD pipeline and the associated services. CI/CD tokens are used to authenticate and authorize CI/CD jobs, and unauthorized changes to their scope can have several security and operational implications:
- Elevated Privileges: Expanding the scope of a CI/CD token can grant it additional privileges and access to sensitive resources or services that it shouldn’t have access to.
- Data Exposure: An attacker can modify the token’s scope to gain access to sensitive data or services, potentially leading to data breaches or unauthorized data access.
- Code Execution: Changing the scope of a CI/CD token could lead to the execution of unauthorized code, potentially compromising the integrity and security of your CI/CD pipelines.
- Operational Disruption: Unauthorized changes can disrupt the operational stability of your CI/CD pipelines, causing unintended consequences or system outages.
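The following is an added example, not part of the original rule page and not code from the platform the rule targets. It sketches the detection side of this rule: it reads a constructed audit feed (the event names, field names and scope names are assumptions for illustration, not any vendor's real schema), picks out token scope updates, computes which scopes were added or removed, and marks the update as a privilege expansion when any scope was added, with a separate view of the added scopes that map most directly to the impacts listed above.

```python
"""Flag CI/CD token scope modifications in an audit feed (added example)."""
import json
from dataclasses import dataclass, field

# Constructed sample audit feed, one JSON object per line. The event names,
# field layout and scope names are assumptions for this example only.
SAMPLE_AUDIT_LOG = """
{"ts":"2024-05-01T10:00:00Z","event":"ci_token.created","actor":"alice","token_id":"tok-1","scopes":["read_repository"]}
{"ts":"2024-05-01T10:05:00Z","event":"ci_token.scope_updated","actor":"bob","token_id":"tok-1","old_scopes":["read_repository"],"new_scopes":["read_repository","write_repository","api"]}
{"ts":"2024-05-01T10:07:00Z","event":"ci_token.scope_updated","actor":"carol","token_id":"tok-2","old_scopes":["read_repository","read_registry"],"new_scopes":["read_repository"]}
{"ts":"2024-05-01T10:09:00Z","event":"pipeline.started","actor":"ci-bot","token_id":"tok-1"}
"""

# Scopes whose addition most directly enables data exposure or code execution
# through the pipeline (constructed set; map to the platform's real scope names).
SENSITIVE_SCOPES = {"api", "write_repository", "write_registry", "admin"}


@dataclass
class Finding:
    """One token scope modification worth alerting on."""
    token_id: str
    actor: str
    added: set = field(default_factory=set)
    removed: set = field(default_factory=set)

    @property
    def privilege_expanded(self) -> bool:
        # Any added scope widens what the token can do; removals alone do not.
        return bool(self.added)

    @property
    def sensitive_added(self) -> set:
        # Added scopes that fall in the high-impact set.
        return self.added & SENSITIVE_SCOPES


def scope_delta(old_scopes, new_scopes):
    """Return (added, removed) scope sets between two scope lists."""
    old_s, new_s = set(old_scopes), set(new_scopes)
    return new_s - old_s, old_s - new_s


def detect_scope_changes(log_text: str) -> list:
    """Parse the feed and return a Finding for every real scope change."""
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("event") != "ci_token.scope_updated":
            continue  # only token scope updates are in scope for this rule
        added, removed = scope_delta(event.get("old_scopes", []),
                                     event.get("new_scopes", []))
        if not added and not removed:
            continue  # no-op update; nothing changed
        findings.append(Finding(event["token_id"], event["actor"], added, removed))
    return findings


if __name__ == "__main__":
    for f in detect_scope_changes(SAMPLE_AUDIT_LOG):
        print(f"token={f.token_id} actor={f.actor} expanded={f.privilege_expanded} "
              f"added={sorted(f.added)} removed={sorted(f.removed)} "
              f"sensitive_added={sorted(f.sensitive_added)}")
```

On the sample feed this yields two findings: the update to tok-1 is an expansion that adds two sensitive scopes, while the update to tok-2 only narrows the token. Both are reported, since the rule treats any scope modification as an event to review; the `privilege_expanded` and `sensitive_added` fields let a triage workflow prioritize the expansion.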