A critical vulnerability in CloudPirates Open Source Helm Charts exposed sensitive credentials through unsafe GitHub Actions workflow practices. The generate-schema.yaml workflow, prior to commit fcf9302, performed unsafe repository checkouts and credential handling that allowed fork-controlled code to access a Personal Access Token and SSH signing key. This represents a supply-chain security risk where m [truncated]
A critical vulnerability in CloudPirates Open Source Helm Charts allowed arbitrary code execution from fork pull requests within a privileged GitHub Actions workflow context. Prior to commit fcf9302, the pull-request.yaml workflow executed attacker-controlled code without maintainer approval, exposing repository secrets including Docker Hub credentials and tokens. The CVSS 3.1 score of 10.0 reflects netwo [truncated]
