Hacker News
curuinor 8 months ago | on: How we exploited CodeRabbit: From simple PR to RCE...
Hey, this is Howon from CodeRabbit. We use a cloud-provider-provided key vault for application secrets, including the GH private key.

musicnarcoman 8 months ago
So the CodeRabbit application with access to application secrets still runs in the same virtual machine as untrusted code from the outside?

megamorf 8 months ago
Howon, you can stop posting that canned response. It's not helping the discussion in any way and matches the lack of detail the other commenters have pointed out.