- Notifications
You must be signed in to change notification settings - Fork687
Security: github-aws-runners/terraform-aws-github-runner
Security
SECURITY.md
If you find a vulnerability, or evidence of one, please report it privately.
Vulnerabilities should be reported usingGitHub's mechanism for privately reporting a vulnerability. Under themain repository's security tab, click "Report a vulnerability" to open the advisory form.
A member of the terraform-aws-github-runner team will triage the reported vulnerability and if the vulnerability is accepted a security advisory will be published and all further communication will be done via that security advisory.
- Runner EC2 instances can read other instances' tokens (jitconfig and registration tokens) from SSM parametersGHSA-w423-qwm2-w2jq published
Jul 1, 2024 bynpalmHigh - Cross-Runner Token Exposure through SSM Parameter StoreGHSA-8rp4-w85f-5qh2 published
Jul 1, 2024 bynpalmHigh - GitHub registration tokens potentially exposed in workflowsGHSA-c7m9-5vcx-35m6 published
Oct 11, 2022 bynpalmModerate
Learn more about advisories related togithub-aws-runners/terraform-aws-github-runner in theGitHub Advisory Database