Codecov, a code coverage solution provider, has disclosed a cyberattack in which a malicious actor illegally accessed and modified its Bash Uploader script. The incident could affect up to 29,000 Codecov customers across the company’s supply chain, according to Reuters.
The cyberattack began Jan. 31, 2021, Codecov noted. A malicious actor gained access to the Bash Uploader script via an error in Codecov’s Docker image creation process.
During the attack, the malicious actor was able to extract the credential required to modify the Bash Uploader script, Codecov stated. By altering the script, the actor could potentially export information stored in Codecov users’ continuous integration (CI) environments to an external server.
Who Is Affected by the Bash Uploader Breach?
The Bash Uploader breach can affect Codecov customers who passed any credentials, tokens or keys through their CI runner, the company said. It can impact services, data stores and application code that could be accessed with these credentials, tokens or keys.
Furthermore, the breach can affect the git remote information (URL of the origin repository) of repositories using Bash Uploaders to upload coverage to Codecov in CI, Codecov noted. It also can impact the Bash Uploader used in Codecov-actions uploader for Github, the Codecov CircleCl Orb and the Codecov Bitrise Step.
Codecov identified the Bash Uploader breach on April 1, 2020 and secured and remediated the affected script. It has notified affected users about the incident and is urging them to re-roll their credentials, tokens, or keys located in environment variables in their CI processes that used any Bash Uploaders.
Meanwhile, Codecov has rotated all relevant internal credentials, set up monitoring and auditing tools and taken other measures to guard against future security incidents. In addition, a federal investigation into the Bash Uploader breach is underway, Reuters stated.