| Security Issue | Trigger |
|---|---|
| Code Injection | When user-controlled properties are directly interpolated into a Run script. Also when untrusted data is read into a shell variable via a bash script and then used as a step's output. |
| Environment Variable Injection | When a malicious actor crafts a title that results in a multi-line message, allowing them to inject arbitrary environment variables into subsequent steps. |
| Artifact Poisoning | When a workflow downloads and uses poisoned artifacts, potentially leading to arbitrary code execution or other malicious activities within the privileged workflow. Specifically, when an artifact is downloaded from a workflow that is triggered by a workflow_run event with no branch filters. |
| Path Injection | When untrusted input is used to construct file paths, enabling attackers to manipulate file resolution (e.g., overwriting files or accessing restricted files). |
| Unpinned Action Tag | Using actions without specifying an explicit commit SHA or version tag, allowing attackers to introduce malicious changes in updated versions. |
| Improper Access Control | When workflows expose resources or actions that should be restricted to specific users or contexts, potentially allowing unauthorized access or operations. |
| Excessive Secrets Exposure | When secrets are unnecessarily provided to workflows or steps that do not require them, increasing the attack surface for compromise. |
| Secrets in Artifacts | When workflows inadvertently include secrets in build artifacts, logs, or other exported files, potentially exposing sensitive data to unauthorized users. |
| Expression is Always True | Misconfigured conditional statements in workflows that inadvertently always evaluate to true, allowing unauthorized steps to execute. |
| Unmasked Secret Exposure | When secrets are printed to logs or output without proper masking, allowing attackers to view sensitive information. |
| Cache Poisoning | When a workflow injects malicious content into the cache, which can subsequently affect other workflows relying on the poisoned cache entries. Can happen even if a workflow doesn't have write access to the repository. Specifically when using the pull_request_target trigger. |
| Use of Known Vulnerable Actions | Using third-party actions with publicly known vulnerabilities, potentially exposing workflows to attacks. |
| Missing Action Permissions | When workflows grant overly permissive or incomplete permissions to actions, leading to unintended access or actions. |
| Argument Injection | When user-controlled input is directly included in command-line arguments without proper sanitization, allowing attackers to manipulate the command execution. |
| Code Execution on Self-Hosted Runners | When an attacker compromises a self-hosted runner by submitting malicious code, potentially gaining access to sensitive data or infrastructure connected to the runner. |
| Output Clobbering | When a workflow allows untrusted input to overwrite or manipulate the outputs of previous steps, potentially altering workflow execution. |
| Time of check to time of use (TOCTOU) Attacks | Occurs when a malicious actor submits a seemingly harmless pull request, waits for approval, and then updates the pull request with malicious code before the workflow execution. Happens because the workflow uses a mutable reference (e.g., branch name) instead of an immutable one (e.g., commit SHA). Can occur with pull_request_target and issue_comment triggers. |
| Privilege Escalation | Can occur with the workflow_run trigger, where a triggering pull_request workflow that isn't privileged can initiate a workflow_run workflow that will have access to secrets and write-scoped tokens, leading to the execution of malicious code with elevated permissions. |
Misuse of pull_request_target trigger |
When a workflow activated by pull_request_target is triggered from a fork, it operates with significant privileges, including reading repository and organization secrets, having write permissions, and circumventing pull request approval safeguards. This can lead to code execution from untrusted sources. |
Security pitfalls with issue_comment trigger |
Workflows using the issue_comment trigger are vulnerable to TOCTOU attacks if they check out and execute code from a pull request based on an issue comment. Also, this trigger bypasses pull request approval mechanisms, allowing execution of malicious code without review. |
Last active
March 15, 2025 21:41
-
-
Save devanshbatham/dbf22f42b09e046f67eb94e086bb6ca2 to your computer and use it in GitHub Desktop.
GitHub Actions Attack Vectors
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment