Summary
Using pull_request_target on .github/workflows/docs.yml, checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be executed from the PR having full access to secrets (from the base repo) without any maintainer interaction. By exploiting the vulnerability is possible to exfiltrate the GITHUB_TOKEN. This GITHUB_TOKEN, having content: write permissions, can be abused to completely overtake the repo.
Details
The pull_request_target in GitHub Actions is a major security concern - especially in public repositories - because it executes untrusted code from a PR, but with the context of the base repository, including access to its secrets.
Along with code checkout on head.sha, an attacker is able to control the code and change the workflow to execute random code:
- name: Checkout project
uses: actions/checkout@v4
with:
ref: "${{ github.event.pull_request.head.sha }}"
POC
An attacker could leverage the Install dependency step inside the workflow .github/workflows/integration_tests.yml to run arbitrary code:
- name: Install dependencies
run: |
pip install -r docs/requirements.txt
By locally adding in the PR a malicious python package, which gets installed in the docs/requirements.txt step, an attacker could get a shell on the github action workflow, and could consequently exfiltrate the GITHUB_TOKEN secret.
To prove this token was privileged we created a tag named poc-v1.1.55 which has been deleted after 2 minutes.
Impact
Usually a GITHUB_TOKEN with contents: write permissions allows an attacker a wide range of ways to completely overtake the repo:
GITHUB_TOKEN Permissions
Contents: write
Metadata: read
Kindly reported by @AlbertoPellitteri and @darryk10
Patches
Because of requirements of secrets we had to keep the pull_request_target, instead we updated Github Organisation settings to change permissions in https://github.com/organizations/PHP-CMSIG/settings/actions the Workflow permissions to Read repository contents and packages permissions.
Additional we did split the build and deploy process up into 2 different CI Jobs. Only the deploy which runs only on merged Pull Requests and so reviewed changes have write permission to update github pages.
Best Regards @alexander-schranz
References
darryk10 Reporter
AlbertoPellitteri Reporter
alexander-schranz Remediation developer
Summary
Using
pull_request_targeton.github/workflows/docs.yml, checking out thehead.shaof a forked PR can be exploited by attackers, since untrusted code can be executed from the PR having full access to secrets (from the base repo) without any maintainer interaction. By exploiting the vulnerability is possible to exfiltrate theGITHUB_TOKEN. ThisGITHUB_TOKEN, havingcontent: writepermissions, can be abused to completely overtake the repo.Details
The
pull_request_targetin GitHub Actions is a major security concern - especially in public repositories - because it executes untrusted code from a PR, but with the context of the base repository, including access to its secrets.Along with code checkout on
head.sha, an attacker is able to control the code and change the workflow to execute random code:POC
An attacker could leverage the Install dependency step inside the workflow
.github/workflows/integration_tests.ymlto run arbitrary code:By locally adding in the PR a malicious python package, which gets installed in the
docs/requirements.txtstep, an attacker could get a shell on the github action workflow, and could consequently exfiltrate theGITHUB_TOKENsecret.To prove this token was privileged we created a tag named
poc-v1.1.55which has been deleted after 2 minutes.Impact
Usually a
GITHUB_TOKENwithcontents: writepermissions allows an attacker a wide range of ways to completely overtake the repo:Kindly reported by @AlbertoPellitteri and @darryk10
Patches
Because of requirements of secrets we had to keep the
pull_request_target, instead we updated Github Organisation settings to change permissions in https://github.com/organizations/PHP-CMSIG/settings/actions theWorkflow permissionstoRead repository contents and packages permissions.Additional we did split the build and deploy process up into 2 different CI Jobs. Only the deploy which runs only on merged Pull Requests and so reviewed changes have write permission to update github pages.
Best Regards @alexander-schranz
References