OH-MY-DC: OIDC Misconfigurations in CI/CD
Unit 42 researchers discovered OIDC misconfigurations in CI/CD environments, specifically in CircleCI’s OIDC implementation. These misconfigurations, including loosely configured policies and reliance on user-controllable claim values, could be exploited by threat actors to gain access to restricted resources. The researchers urge organizations to review and strengthen their OIDC policies and implement strict claim validation to enhance CI/CD security.
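The two weaknesses named above, a loosely written policy and a decision that rests on a claim the token requester can influence, are easiest to see side by side in code. The following is an added example written for this summary; it is not code from the Unit 42 research or from CircleCI, and the claim names (`project_id`, `project_name`), the `sub` layout, the issuer and audience values and both sample token payloads are constructed. It assumes the token's signature has already been verified and shows only the claim-validation step: a glob on `sub` or a match on a user-chosen display name accepts a token from an unintended project, while a policy pinned to the issuer, audience, expiry and provider-assigned identifiers rejects it.

```python
"""Strict versus loose OIDC claim validation for CI/CD federation.

Added example, not code from the Unit 42 article or from CircleCI. Claim names
(project_id, project_name), the sub layout, issuer/audience values and the
sample tokens below are constructed; token signature verification is assumed
to have already succeeded before these checks run.
"""
from dataclasses import dataclass
import fnmatch

NOW = 1_700_000_000  # fixed clock so the example is deterministic

# Constructed decoded payload of a token minted for the project we intend to trust.
TOKEN_OWN_PROJECT = {
    "iss": "https://oidc.example-ci.test/org/org-1111",
    "aud": "org-1111",
    "sub": "org/org-1111/project/proj-aaaa/user/user-42",
    "project_id": "proj-aaaa",          # assigned by the provider, stable
    "project_name": "payments-deploy",  # chosen by whoever created the project
    "exp": NOW + 300,
}

# Constructed payload from another project in the same org whose creator picked
# the same display name. Only the provider-assigned identifiers differ.
TOKEN_OTHER_PROJECT = {
    "iss": "https://oidc.example-ci.test/org/org-1111",
    "aud": "org-1111",
    "sub": "org/org-1111/project/proj-zzzz/user/user-77",
    "project_id": "proj-zzzz",
    "project_name": "payments-deploy",
    "exp": NOW + 300,
}


def loose_accepts(claims, sub_glob="*", project_name=None):
    """A loosely written policy: a glob on sub and/or a match on a user-chosen name."""
    if not fnmatch.fnmatchcase(claims.get("sub", ""), sub_glob):
        return False
    if project_name is not None and claims.get("project_name") != project_name:
        return False
    return True


@dataclass(frozen=True)
class StrictPolicy:
    issuer: str
    audience: str
    org_id: str
    allowed_project_ids: frozenset


def strict_validate(claims, policy, now=NOW):
    """Return the list of policy violations; an empty list means the token is accepted."""
    errors = []
    if claims.get("iss") != policy.issuer:
        errors.append("iss mismatch")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if policy.audience not in audiences:
        errors.append("aud mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        errors.append("token expired or exp missing")
    project_id = claims.get("project_id")
    if project_id not in policy.allowed_project_ids:
        errors.append("project_id not allowlisted")
    # Cross-check: sub must name the same org and project as the allowlisted claim,
    # so the decision never rests on a single claim value.
    expected_prefix = f"org/{policy.org_id}/project/{project_id}/"
    if not str(claims.get("sub", "")).startswith(expected_prefix):
        errors.append("sub does not match org/project")
    return errors


def strict_accepts(claims, policy, now=NOW):
    return not strict_validate(claims, policy, now)


POLICY = StrictPolicy(
    issuer="https://oidc.example-ci.test/org/org-1111",
    audience="org-1111",
    org_id="org-1111",
    allowed_project_ids=frozenset({"proj-aaaa"}),
)

if __name__ == "__main__":
    print("loose, sub glob   :", loose_accepts(TOKEN_OTHER_PROJECT, sub_glob="org/org-1111/*"))
    print("loose, name match :", loose_accepts(TOKEN_OTHER_PROJECT, project_name="payments-deploy"))
    print("strict, own       :", strict_validate(TOKEN_OWN_PROJECT, POLICY))
    print("strict, other     :", strict_validate(TOKEN_OTHER_PROJECT, POLICY))
```

When reviewing a real trust policy, the questions this example encodes are the ones to ask of each condition: is the issuer pinned exactly, is the audience the one issued for this integration, does the subject match on a stable provider-assigned identifier rather than a glob or a human-chosen name, and does any single claim on its own decide the outcome.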