Cycode discovered a CI/CD misconfiguration in the Bazel repo, which if exploited could have allowed an attacker to enact a supply chain attack against all Bazel users, which includes Google themselves and probably GCP (https://bazel.build/community/users#google).
Summary (give a brief description of the issue)
Cycode discovered a CI/CD misconfiguration in the Bazel repo, which if exploited could have allowed an attacker to enact a supply chain attack against all Bazel users, which includes Google themselves and probably GCP (https://bazel.build/community/users#google).
References (provide links to blogposts, etc.)
https://cycode.com/blog/cycode-discovers-a-supply-chain-vulnerability-in-bazel/