GitHub Actions artifacts generated as part of CI/CD workflows may inadvertently leak tokens for third-party cloud services and for GitHub itself, exposing repositories and services to compromise, Palo Alto Networks warns.
These artifacts are files generated during the GitHub Actions workflow build process. They function as a mechanism for persisting and sharing data across jobs within the workflow and ensure that data is available even after the workflow finishes.
These Actions build artifacts are stored for up to 90 days and, in open source projects, are publicly available. However, they may also contain secrets that the workflows use to interact with services, including GitHub itself, exposing those secrets to anyone who has access to the repository.
The identified issue, a combination of misconfigurations and security defects, allows anyone with read access to a repository to consume the leaked tokens, and threat actors could exploit it to push malicious code or steal secrets from the repository.
“It’s important to note that these tokens weren’t part of the repository code but were only found in repository-produced artifacts,” Palo Alto Networks’ Yaron Avital explains.
One of the most exposed secrets discovered in these artifacts was the GitHub token, which was often found in the local git folder within the checkout directory, where it was written by the actions/checkout GitHub action used when cloning the repository code.
Using Super-Linter, a well-known open source code linter, also resulted in GitHub tokens being leaked in public artifacts: when set to create log files, Super-Linter wrote environment variables to those files, including secrets loaded as variables, such as GitHub tokens.
“The Super-Linter log file is often uploaded as a build artifact for reasons like debuggability and maintenance. But this practice exposed sensitive tokens of the repository,” Avital says.
Super-Linter has been updated and no longer prints environment variables to log files.
Avital was able to identify a leaked token that, unlike the GitHub token, does not expire as soon as the workflow job ends, and automated a process that downloads an artifact, extracts the token, and uses it to replace the artifact with a malicious one.
Because subsequent workflow jobs would often use previously uploaded artifacts, an attacker could use this process to achieve remote code execution (RCE) on the job runner that uses the malicious artifact, potentially compromising workstations, Avital notes.
Following GitHub’s release of a new version of Actions artifacts in February 2024, the researcher was also able to exploit a race condition to fetch and use exposed GitHub tokens while workflow jobs were in progress.
To exploit this, a threat actor would need to wait for a pipeline to be triggered, check if the pipeline uploads an artifact containing the GitHub token, download the publicly available artifact, extract the token, and use it to push malicious code to the repository.
Avital also discovered that it was possible to automate the process using GitHub Actions and run it on the same cloud infrastructure as the targets, using a malicious workflow.
The researcher discovered that even some high-profile open source projects from Google, Microsoft, Canonical, RedHat, OWASP, AWS, and others were affected by the issue, potentially impacting millions of customers.
“This research was reported to GitHub’s bug bounty program. They categorized the issue as informational, placing the onus on users to secure their uploaded artifacts,” the researcher says.
Avital came up with a proof-of-concept (PoC) action to help secure repositories against such leaks by scanning the source directory for secrets and preventing artifacts from being uploaded if they contain secrets.
“Reduce workflow permissions of runner tokens according to least privilege and review artifact creation in your CI/CD pipelines. By implementing a proactive and vigilant approach to security, defenders can significantly strengthen their project’s security posture,” Avital notes.
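The two leak paths described above (the credential actions/checkout leaves in the checkout's .git folder, and an environment dump written into a linter log) can both be caught before actions/upload-artifact runs. The script below is an added example written for this page; it is not Avital's PoC action or any Palo Alto Networks tooling. It assumes the job stages its artifact in a directory and relies on two facts about GitHub: actions/checkout persists the job token in .git/config as a base64 basic-auth extraheader when persist-credentials is left at its default of true, and GitHub tokens consist of a short prefix such as ghs_ or ghp_ followed by 36 alphanumeric characters. The sample artifact directory and every token value in it are constructed inline.

```python
"""Pre-upload artifact scanner: an added example, not Avital's PoC action.

Run this over the directory a job is about to hand to actions/upload-artifact.
It reports two kinds of GitHub credential the research found in artifacts:
  * the Authorization header actions/checkout writes into .git/config when
    persist-credentials is left at its default of true, and
  * raw token strings (ghs_/ghp_ ... + 36 chars) of the kind Super-Linter
    used to copy from environment variables into its log file.
The sample artifact directory and the tokens in it are constructed here.
"""
import base64
import os
import re
import tempfile
from typing import Dict, List, Optional

# GitHub token formats: prefix + 36 alphanumerics (ghs_ = Actions job token,
# ghp_ = personal access token, gho_/ghu_/ghr_ = OAuth/user/refresh tokens).
TOKEN_RE = re.compile(r"\b(gh[pousr]_[A-Za-z0-9]{36})\b")

# actions/checkout stores "AUTHORIZATION: basic base64(x-access-token:TOKEN)"
# under [http "https://github.com/"] extraheader in the checkout's .git/config.
BASIC_RE = re.compile(r"AUTHORIZATION:\s*basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def token_from_basic_header(b64: str) -> Optional[str]:
    """Decode a basic-auth value and return the secret after the colon, if any."""
    try:
        user_pass = base64.b64decode(b64, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    _, sep, secret = user_pass.partition(":")
    return secret if sep and secret else None


def scan_text(text: str) -> List[str]:
    """Return finding labels for one file's contents (empty list when clean)."""
    # Only the first 8 characters of a token are echoed, so the report itself
    # cannot become a second leak if it is printed into a job log.
    findings = [f"token:{tok[:8]}..." for tok in TOKEN_RE.findall(text)]
    for b64 in BASIC_RE.findall(text):
        if token_from_basic_header(b64) is not None:
            findings.append("git-extraheader-basic-auth")
    return findings


def scan_artifact_dir(root: str) -> Dict[str, List[str]]:
    """Walk `root` and map each relative path that has findings to them."""
    report: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                text = fh.read().decode("utf-8", errors="ignore")
            findings = scan_text(text)
            if findings:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                report[rel] = findings
    return report


def build_sample_artifact() -> str:
    """Create a constructed artifact directory mimicking the two leak patterns."""
    root = tempfile.mkdtemp(prefix="artifact-")
    fake_token = "ghs_" + "A" * 36          # constructed, not a real token
    os.makedirs(os.path.join(root, ".git"))
    header = base64.b64encode(f"x-access-token:{fake_token}".encode()).decode()
    with open(os.path.join(root, ".git", "config"), "w") as fh:
        fh.write('[http "https://github.com/"]\n')
        fh.write(f"\textraheader = AUTHORIZATION: basic {header}\n")
    with open(os.path.join(root, "super-linter.log"), "w") as fh:
        fh.write("RUN_LOCAL=false\n")
        fh.write(f"GITHUB_TOKEN={fake_token}\n")   # env dump in a log file
    with open(os.path.join(root, "README.md"), "w") as fh:
        fh.write("Build output only; nothing sensitive here.\n")
    return root


if __name__ == "__main__":
    report = scan_artifact_dir(build_sample_artifact())
    for path, findings in sorted(report.items()):
        print(f"{path}: {', '.join(findings)}")
    # A CI step would exit non-zero here so actions/upload-artifact never runs.
    raise SystemExit(1 if report else 0)
```

Wired in as a workflow step placed immediately before the upload step, a non-zero exit blocks the artifact. The scan is a safety net rather than the fix: the checkout credential should not be on disk in the first place (set `persist-credentials: false` on actions/checkout when later steps do not push), the job's `permissions:` block should grant the token only what the workflow needs, and upload paths should name the build output explicitly rather than the whole workspace.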