Agent of Chaos: Hijacking NodeJS’s Jenkins Agents | Praetorian
www.praetorian.com
Two CI/CD vulnerabilities in the nodejs/node GitHub repository exposed Node.js to remote code execution on Jenkins agents and the potential to merge unreviewed code to the main branch of the repository.