Closed threesquared closed 3 years ago
Should we assume that the env
script could have been modified as well? We are trying to work out potential the blast radius.
@threesquared at this time, our audit logging has revealed no evidence of modification of the env
script. A third-party auditing team has also revealed no evidence.
We have redeployed with a known clean copy in an abundance of caution.
Thanks for the clarification
There is no checksum provided for the
https://codecov.io/env
script, it would be great to also be able to verify this as well.Also are you able to confirm if the
env
script was modified during the last incident?