Azure Pipelines logging-command injection TL;DR: Commit-message / variable-controlled ##vso logging commands overwrite pipeline secrets and tasks (CVE-2023-21553, CVE-2023-36561). Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References https://www.legitsecurity.com/blog/remote-code-execution-vulnerability-in-azure-pipelines-can-lead-to-software-supply-chain-attack