Summary
The workflow docs_flaw_checker.yml is triggered by pull_request_target, which allows limited write access to the repository. An attacker can execute code by creating a file like docs/en/flying/$(date).md.
Details
High-level explanation: https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
The vulnerable step is echo "${{ steps.get_changed_markdown_english.outputs.all_changed_files }}"
If the output all_changed_files contains shell expansions, the workflow runner will pass them directly to echo "..".
PoC
The PR #24585 shows what an attack could look like. The attacker was able to exfiltrate the GitHub token during the run and create a review of the PR (on behalf of the github-actions bot).
Impact
The attacker can edit labels of PRs (e.g. Admin: Merge after CI passes ✅). As far as I could determine it is not possible to merge PRs or write to the main branch directly.
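The following is an added example, not part of the original report or the project's workflow. It embeds a constructed reduction of the vulnerable step described above (a ${{ }} expression expanded straight into a run: script) next to the hardened form, where the step output is bound to an environment variable so the shell treats a filename such as docs/en/flying/$(date).md as data, and a small scanner that flags the former but not the latter.

```python
"""Flag GitHub Actions run: steps that interpolate ${{ }} expressions into shell."""
import re

# Constructed sample modelled on the report: a step output derived from the PR's
# changed filenames is expanded directly inside the shell command.
VULNERABLE = """\
on: pull_request_target
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - id: get_changed_markdown_english
        run: echo "all_changed_files=docs/en/flying/x.md" >> "$GITHUB_OUTPUT"
      - run: echo "${{ steps.get_changed_markdown_english.outputs.all_changed_files }}"
"""

# Constructed hardened form: the expression is assigned to an env var first, so the
# shell reads the filenames as a variable's value and never evaluates $(...) in them.
HARDENED = """\
on: pull_request_target
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - id: get_changed_markdown_english
        run: echo "all_changed_files=docs/en/flying/x.md" >> "$GITHUB_OUTPUT"
      - env:
          CHANGED: ${{ steps.get_changed_markdown_english.outputs.all_changed_files }}
        run: echo "$CHANGED"
"""

EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")          # ${{ expression }}
RUN = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")      # run: key, inline or block scalar

def run_expressions(workflow: str) -> list[str]:
    """Return every ${{ }} expression that lands inside a run: shell script."""
    found, block_indent = [], None
    for line in workflow.splitlines():
        if block_indent is not None:                # inside a run: | or run: > block
            indent = len(line) - len(line.lstrip())
            if line.strip() and indent <= block_indent:
                block_indent = None                 # block scalar ended, fall through
            else:
                found += EXPR.findall(line)
                continue
        m = RUN.match(line)
        if m:
            key_indent = len(m.group(1)) + len(m.group(2) or "")
            value = m.group(3).strip()
            if value in ("|", ">", "|-", ">-", "|+", ">+"):
                block_indent = key_indent           # script continues on deeper-indented lines
            else:
                found += EXPR.findall(value)
    return found

def has_run_injection(workflow: str) -> bool:
    """True when any expression is expanded directly into a run: script."""
    return bool(run_expressions(workflow))
```

The scanner reports the expression text, not whether its source is attacker-controlled; with pull_request_target, anything derived from the PR (branch name, title, changed paths, step outputs built from them) should be treated as untrusted.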