38C3

Nils Amiet

Nils is a Security Researcher on Kudelski Security’s research team performing research on various topics including AI application security testing, fuzzing, privacy, authentication, big data analytics, and internet scanning. He also writes blog posts on various topics for Kudelski’s research blog. Nils likes open-source software and has presented his research at DEF CON and Black Hat Arsenal. He was part of creating a massively distributed system for breaking RSA public keys. He's also the author of fuzzomatic, an open-source AI-powered fuzzer for Rust projects.


Session

12-29
12:00
40min
AI Meets Git: Unmasking Security Flaws in Qodo Merge
Nils Amiet

The whole world is talking about AI, and developers are no exception. When a developer hears about a tool that can help them handle git pull requests using AI, it is likely that they will start using it for their open source project.

This is precisely what's happening with Qodo Merge (formerly PR-Agent), an open source tool that can help review and handle git pull requests by using AI to provide feedback and suggestions to developers. It is getting adopted by more and more open source projects, including popular ones.

It is so easy to add new features by relying on external tools, yet the consequences for security can be catastrophic.

Indeed, if the tool contains security vulnerabilities, the project using it may become vulnerable too and may, without its maintainers realizing it, grant anyone permissions to perform unexpected actions. But everyone wants to use AI, so security may be overlooked.

We found multiple vulnerabilities in Qodo Merge that may lead to privilege escalation on GitLab, getting write access to GitHub repositories and leaking GitHub repository secrets. Additionally, we found multiple high-profile GitHub repositories using Qodo Merge with a configuration that makes them vulnerable, such as highly popular projects, government official repositories, self-driving automotive industry projects, blockchains and more.

In this talk we go through what Qodo Merge is, how it can be used, how it works, how it can be exploited, what projects are affected and what the impacts are. We also mention remediation steps to fix these issues.

Security
Saal ZIGZAG