C-ENV-LEAK-PIPELINEInitial Access

CI/CD Pipeline Secret Leak

GitHub Actions / GitLab CI / CircleCI log leakage of AWS keys / kubeconfig / GCP service-account JSON.

§ Where this technique fits

C-ENV-LEAK-PIPELINE is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 5 on average.

§ Dossiers chaining this technique

Public bucket → CI/CD secret leak → cloud takeover
A public S3 bucket hosts a build artefact containing CI tokens / .env files. Use them to push to the prod CI/CD pipeline and gain a deploy role.
step 5 / 7

§ What commonly comes next

01
IMDSv1 Credential Theft
C-IMDS-V1 · Credential Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Public bucket → CI/CD secret leak → cloud takeover

§ What commonly comes next