Unauthenticated attackers can manipulate privileged processes and take over code repositories through insecure permission configurations in GitHub Actions.
A critical CI/CD vulnerability called Cordyceps enables attackers to gain full control over repositories and compromise the supply chain of hundreds of open-source projects.