| Security Issue | Trigger |
|---|---|
| Code Injection | When user-controlled properties are directly interpolated into a Run script. Also when untrusted data is read into a shell variable via a bash script and then used as a step's output. |
| Environment Variable Injection | When a malicious actor crafts a title that results in a multi-line message, allowing them to inject arbitrary environment variables into subsequent steps. |
| Artifact Poisoning | When a workflow downloads and uses poisoned artifacts, potentially leading to arbitrary code execution or other malicious activities within the privileged workflow. Specifically, when an artifact is downloaded from a workflow that is triggered by a workflow_run event with no branch filters. |
| Path Injection | When untrusted input is used to construct file paths, enabling attackers to manipulate file resolution (e.g., overwriting files or accessing restricted files). |
| Unpinned Action Tag | Using actions without specifying an explicit commit SHA or version tag, allowing attackers to introduce malicious changes in updated versions. |
| Improper Access Control | When workflows expose resources or actions that should be restricted to specific users or contexts, potentially allowing unauthorized access or operations. |
| Excessive Secrets Exposure | When secrets are unnecessarily provided to workflows or steps that do not require them, increasing the attack surface for compromise. |
| Secrets in Artifacts | When workflows inadvertently include secrets in build artifacts, logs, or other exported files, potentially exposing sensitive data to unauthorized users. |
| Expression is Always True | Misconfigured conditional statements in workflows that inadvertently always evaluate to true, allowing unauthorized steps to execute. |
| Unmasked Secret Exposure | When secrets are printed to logs or output without proper masking, allowing attackers to view sensitive information. |
| Cache Poisoning | When a workflow injects malicious content into the cache, which can subsequently affect other workflows relying on the poisoned cache entries. Can happen even if a workflow doesn't have write access to the repository. Specifically when using the pull_request_target trigger. |
| Use of Known Vulnerable Actions | Using third-party actions with publicly known vulnerabilities, potentially exposing workflows to attacks. |
| Missing Action Permissions | When workflows grant overly permissive or incomplete permissions to actions, leading to unintended access or actions. |
| Argument Injection | When user-controlled input is directly included in command-line arguments without proper sanitization, allowing attackers to manipulate the command execution. |
| Code Execution on Self-Hosted Runners | When an attacker compromises a self-hosted runner by submitting malicious code, potentially gaining access to sensitive data or infrastructure connected to the runner. |
| Output Clobbering | When a workflow allows untrusted input to overwrite or manipulate the outputs of previous steps, potentially altering workflow execution. |
| Time of check to time of use (TOCTOU) Attacks | Occurs when a malicious actor submits a seemingly harmless pull request, waits for approval, and then updates the pull request with malicious code before the workflow execution. Happens because the workflow uses a mutable reference (e.g., branch name) instead of an immutable one (e.g., commit SHA). Can occur with pull_request_target and issue_comment triggers. |
| Privilege Escalation | Can occur with the workflow_run trigger, where a triggering pull_request workflow that isn't privileged can initiate a workflow_run workflow that will have access to secrets and write-scoped tokens, leading to the execution of malicious code with elevated permissions. |
Misuse of pull_request_target trigger |
When a workflow activated by pull_request_target is triggered from a fork, it operates with significant privileges, including reading repository and organization secrets, having write permissions, and circumventing pull request approval safeguards. This can lead to code execution from untrusted sources. |
Security pitfalls with issue_comment trigger |
Workflows using the issue_comment trigger are vulnerable to TOCTOU attacks if they check out and execute code from a pull request based on an issue comment. Also, this trigger bypasses pull request approval mechanisms, allowing execution of malicious code without review. |
Last active
March 15, 2025 21:41
GitHub Actions Attack Vectors
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment