Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.