On April 26, an unauthorized user exploited a vulnerability with a GitHub workflow to gain unauthorized access to tokens, all of which have now been invalidated. At this time, our investigation has found no evidence of code modifications, unauthorized access to production systems, exposure of customer data, or access to personal information.
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
Critical security flaw in Fortra FileCatalyst Workflow allows database tampering. Patch available.
