Atlassian ran a project on Bugcrowd to look for bugs in its proposed implementation of Kata Containers within the Bitbucket Pipelines CI/CD environment. Researchers identified vulnerabilities that could allow processes running in the Kata VM to write to supposedly read-only volume mounts, potentially allowing malicious build jobs to execute arbitrary commands on the host system. The vulnerability was fixed by the Kata Containers team and assigned CVE-2020-28914.

The impact of this vulnerability is significant, as it allows an attacker to interfere with any customer's pipeline builds on the same host, potentially leading to a Denial-of-Service (DoS) attack. Researchers were able to exploit the vulnerability by manipulating a read-only hostPath volume, which allowed them to write to arbitrary files on the container host and execute malicious commands. A fix was eventually applied in the Pipelines environment, but not before researchers had identified and exploited the issue, demonstrating the potential for bug bounty programs to identify critical security vulnerabilities.
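
A defender's inventory check for the exposure described above, as an added example that is not Atlassian's or the Kata Containers project's code: it lists hostPath volumes mounted into Pods that run under a Kata runtime class and marks the ones whose safety depends on `readOnly` being enforced. The runtime class names and the sample manifests are assumptions constructed for illustration.

```python
# Runtime class names are cluster-defined; these two are assumptions.
KATA_RUNTIME_CLASSES = {"kata", "kata-qemu"}

def audit_pod(pod):
    """List hostPath mounts in a Kata-run Pod, noting which depend on readOnly."""
    spec = pod.get("spec", {})
    if spec.get("runtimeClassName") not in KATA_RUNTIME_CLASSES:
        return []
    # Map volume name -> host path for hostPath-backed volumes only.
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in spec.get("volumes", []) if "hostPath" in v}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] not in host_paths:
                continue
            read_only = bool(m.get("readOnly", False))
            findings.append({
                "pod": pod["metadata"]["name"],
                "container": c["name"],
                "host_path": host_paths[m["name"]],
                "read_only": read_only,
                # A readOnly mount is only as strong as the runtime's enforcement.
                "note": ("relies on runtime read-only enforcement"
                         if read_only else "writable from the guest by design"),
            })
    return findings

def audit_pods(pods):
    """Flatten the findings for a list of parsed Pod manifests."""
    return [f for pod in pods for f in audit_pod(pod)]

# Constructed sample manifests (as parsed JSON/YAML), not taken from Pipelines.
SAMPLE_PODS = [
    {"metadata": {"name": "build-1"},
     "spec": {"runtimeClassName": "kata",
              "volumes": [{"name": "tools", "hostPath": {"path": "/opt/ci/tools"}},
                          {"name": "scratch", "emptyDir": {}}],
              "containers": [{"name": "step", "volumeMounts": [
                  {"name": "tools", "mountPath": "/tools", "readOnly": True},
                  {"name": "scratch", "mountPath": "/work"}]}]}},
    {"metadata": {"name": "agent"},
     "spec": {"volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
              "containers": [{"name": "a", "volumeMounts": [
                  {"name": "logs", "mountPath": "/logs"}]}]}},
]

if __name__ == "__main__":
    for finding in audit_pods(SAMPLE_PODS):
        print(finding)
```

Every `read_only: True` finding is a mount where a bug of the CVE-2020-28914 class would turn a guest-side write into a host-side write, so those paths are the ones to check against the fixed runtime.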