I'd imagine the attacker published a new compromised version of their package, which the author eventually downloaded, which pwned everything else.
replyTheir Personal Access Token must’ve been pwned too, not sure through what mechanism though
replyThey have written about it on github to my question:
replyTrivvy hacked (https://www.aquasec.com/blog/trivy-supply-chain-attack-what-...) -> all circleci credentials leaked -> included pypi publish token + github pat -> | WE DISCOVER ISSUE | -> pypi token deleted, github pat deleted + account removed from org access, trivvy pinned to last known safe version (v0.69.3)
What we're doing now:
Block all releases, until we have completed our scans
Working with Google's mandiant.security team to understand scope of impact
Reviewing / rotating any leaked credentials
69.3 isnt safe. The safe thing to do is remove all trivy access. or failing that version. 0.35 is the last and AFAIK only safe version.
replyhttps://socket.dev/blog/trivy-under-attack-again-github-acti...
I have sent your message to the developer on github and they have changed the version to 0.35.0 ,so thanks.
replyhttps://github.com/BerriAI/litellm/issues/24518#issuecomment...
Does that explain how circleci was publishing commits and closing issues?
replyDon't hold your breath for an answer.
reply