Hi dev@, I created the codecov account for MXNet and just got this security notice. Could somebody please have a look at it?
Best regards Marco ---------- Forwarded message --------- From: Codecov Security <secur...@codecov.io> Date: Thu, Apr 15, 2021 at 3:05 PM Subject: Bash Uploader Security Notice To: <marco.g.ab...@gmail.com> Dear Codecov User: On Thursday, April 1st, we learned that someone... The description of the campaign goes here. [image: Codecov] <https://link.codecov.io/dc/Gor7oKH2Tvq0X2bPwZVSMYGS985uFLD2I3hUkRb0KwmRKHUBAUJqDAdrpJ_fZEUzy5nGB2iodz779nOYPWUGGg==/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> Security Notice Dear Codecov User: On Thursday, April 1st, we learned that someone had gained unauthorized access to our Bash Uploader <https://link.codecov.io/dc/lVBmwmYvOY7LtkCtFBifjOYsx6XwJuP1PM7MmLIT4SzLGvcKjDZWFtUwYuxTKW1du9Y83QOo4SeaBLlZJGWFS6_YfXWWmKLeXwE1UPxO0t7Mlu2XZbdnUC9v-UZyd_pCNgzsTJ1uRy32z5jcUBngqIXypkEEzehA4-Mg3c2M6nHzjCrElbOfaUCVnU57T5q6KJVFWxj_0CrrdxrLSedMNw==/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> script and modified it without our permission. The actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script. *Unfortunately, we can confirm that you were impacted by this security event. * We strongly recommend taking action by reading our security notice <https://link.codecov.io/dc/c4Ov1985SwsWm5MPGNpcM2S8PMb_2CFVr-5_pmIXHj2RqRXvqaWi4hU8QVDmoQjiv_Tv0SqE-Qoa2F3VOl-6gNvlKRtxWABQujkgdgWfjv-F8ykfhnvDIHk8GoGqhikyTku9hbhywkpBX0bBQroHZ51JVT5O2c1058rGRHV_Tb7eGC9pFSgLLCM3BNsmENkF/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> about this event to understand how you are impacted and next steps you should take. View Security Notice <https://link.codecov.io/dc/c4Ov1985SwsWm5MPGNpcM2S8PMb_2CFVr-5_pmIXHj2RqRXvqaWi4hU8QVDmoQjiFDvc3zfz7_hTfZPPxCzhSYIT32Z7gwsknrq8GO55C-NM61dNxR1vwR6pkxndZQnb3KUWl7-uLmMYeg1rpD26SaR6EgdyCVErFdEhwtEMjHcdA_QJ7DXIulWO1NjapIEP/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> Have questions about this security update? Please view our FAQs for more information on this update. View FAQs <https://link.codecov.io/dc/c4Ov1985SwsWm5MPGNpcM2S8PMb_2CFVr-5_pmIXHj2RqRXvqaWi4hU8QVDmoQjiFDvc3zfz7_hTfZPPxCzhSYIT32Z7gwsknrq8GO55C-NM61dNxR1vwR6pkxndZQnb3KUWl7-uLmMYeg1rpD26SaR6EgdyCVErFdEhwtEMjHcxbEG0CWEAJKevQfaOMZac/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> [image: Codecov] <https://link.codecov.io/dc/Gor7oKH2Tvq0X2bPwZVSMTWHeXrxpHvZouEWt6iaplNI9GoB7gdme6CR8A4xp3ZLIxgoLbUT4ijvdYqqkTK99g==/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> Codecov creates the best way for all development teams to trust each other and the code that they collectively write, in the past, present and future. [image: Twitter] <https://link.codecov.io/dc/qRrMJDEUlv6ss-mBIC1z6jAFKcFHUmycURJVczCuSYA=/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> [image: LinkedIn] <https://link.codecov.io/dc/fG5-PlwEnZR-IoSdwCtjIpTVr9AsJHNwc_srhy7U9rVBwo0WT5Eygy4lSbxfnNF1/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> [image: Github] <https://link.codecov.io/dc/KjJsydcFHp3qOIKwo1rLjUPm67xm-MTPdk0bKmJH26I=/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> [image: YouTube] <https://link.codecov.io/dc/M9Y3nowLDCcEv8uSbJAkaUXhEBB5rN7Y_3x87XmxUFTspdHGI74X-B0pLwNJnz12HtOGL8twZVZe4A4aznJ-TSX_76v_13tRoATXPmFlp2g=/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> [image: Discord] <https://link.codecov.io/dc/7lM4V2h3Ux1YIeo9OliDNSmCdOtyTR_Vvbn4jdXCeXQ=/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> [image: Instagram] <https://link.codecov.io/dc/qRrMJDEUlv6ss-mBIC1z6jAFKcFHUmycURJVczCuSYA=/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> Contact Us <https://link.codecov.io/dc/Gor7oKH2Tvq0X2bPwZVSMbT4GJoCooWanfuTyPtfo1CsEAZDlEXjNZh8die5yrXUEa6VOGFaOk3JN0h6ilS1e-QOGi01paoljcof-YogoTA=/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> Address: 9450 SW Gemini Drive #32076 Beaverton, OR 97008 United States Email: he...@codecov.io <https://link.codecov.io/dc/nSodXm47F0-kcMx7ee82MQId1GxljCm3jFHKlsOs4bA=/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=> ©Codecov Unsubscribe <https://link.codecov.io/MzMyLUxWWC03NDEAAAF8dJtK_nsfG5BfXA_90n4SseE_lT2RWr2Edstc9Tzdr7IyzD9ir1Bmk_x-q2oMI-5A8h4QwPE=> • Update Preferences <https://link.codecov.io/dc/c4Ov1985SwsWm5MPGNpcMyPDPVC37hGFQTuNsAxuM0Bp5yUbX8UTa9DSI_dGYPc2wbHQ659wa_FkwuAcCKATst5poGzD4TopuHVUvFUkMr0_UvXaPoPQvvvwooIDkbD-g2XEMWBF95oy2MXJJtyPwrPctqd-AzK57s0YbEl2L2sKp-TfVzQLKZtzsgNqEfWJ/MzMyLUxWWC03NDEAAAF8dJtK_mU0VgQL38hpuZPyo5Tvk23-UyTgk9M-51ppzdAF362m0Os7E1HiD4L0hdHKySYDqJg=>
