March 23, 2021 at 11:27PM

■■■■□ GitHub awards bug bounty hunter $25,000 for Actions secrets theft report.

Tracked as CVE-2021-22862, the security flaw is described as an improper access control vulnerability that “allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork”.