Palo Alto Networks Unit 42 research uncovered a common weakness among open-source GitHub projects that can expose secrets and even allow attackers to inject malicious code into GitHub Actions workflows.
GitHub Actions workflows often use secrets, such as cloud service and GitHub tokens, to perform certain actions, and many users may not be aware that these tokens can end up exposed when they are included in publicly available artifact files on open-source repos.
Artifact files are automatically created and stored during GitHub Actions workflows in order to preserve certain data, such as test reports and compiled code, for further analysis or deployment, Palo Alto Senior Staff Researcher Yaron Avital explained in a blog post published Tuesday.
Avital said he followed a "hunch" that these often-overlooked artifacts could potentially contain sensitive data and quickly found that his hunch was correct: artifacts published on publicly available open-source repositories, including popular projects from large companies like Google, Microsoft and Red Hat, frequently contained both working tokens for external cloud services and two types of GitHub tokens, GITHUB_TOKEN and ACTIONS_RUNTIME_TOKEN.
These artifacts are automatically output by GitHub Actions workflows and stored for up to 90 days, with project maintainers potentially unaware that these artifacts exist, are publicly available or contain secrets.
Additionally, Avital found that automatically generated GitHub tokens, which were not part of the original repository code and are created by default to enable running authenticated git commands against the repository, were also frequently present in public artifact files and could enable attackers to inject malicious code into projects.
How attackers could leverage artifacts to compromise GitHub projects
Of the two types of GitHub tokens Avital found in artifacts, the ACTIONS_RUNTIME_TOKEN was easier to exploit, as these JSON Web Tokens, which are used by several GitHub actions to manage caching and artifacts, expire about six hours after being created.
The researchers created an automated process that tracks the creation of artifacts containing ACTIONS_RUNTIME_TOKEN, downloads the artifacts, extracts the token within the six-hour time limit and replaces the original artifact with a new one.
An attacker could potentially use a similar process to replace artifacts with files containing malicious code, risking remote code execution (RCE) if that artifact is used in another job.
By contrast, Avital was initially unable to exploit GITHUB_TOKEN because the token expires at the end of the job, before the artifact containing it is generated. However, with the release of version 4 of the artifacts feature in February, it became possible to download artifacts while a workflow was still running, meaning artifacts containing GITHUB_TOKEN could be leaked before the token expired.
While the time window to extract GITHUB_TOKEN before it expired was usually small, even using an automated process, Avital found he could steal and exploit the leaked tokens in time if there were enough steps between the artifact upload and the end of a job.
Avital also managed to improve the success rate of GITHUB_TOKEN exploitation through an optimized process he called RepoReaper, which saved time by selectively extracting only the git config file from compressed artifacts and using the target repository's REST API to extract and exploit the token.
Because most workflows Avital examined had write permissions on the project repository, even when this was not necessary, accessing GITHUB_TOKEN enabled him to perform any write operation; as a proof of concept, he used RepoReaper to create a harmless branch on the open-source project clair.
An attacker could use their own version of RepoReaper to scan workflows for GITHUB_TOKEN and automatically use it to push their own malicious code to the target repo.
How to secure tokens from GitHub Actions artifacts
As mentioned, open-source project maintainers may not be aware that artifacts containing potentially sensitive data and tokens are published on their repos; additionally, they may not be aware of the generation of GITHUB_TOKEN during their workflows, which is triggered by default even when it is not necessary for the given job.
To prevent leaking these tokens and potentially risking project compromise, project maintainers should review artifact creation and privilege levels across their CI/CD pipelines, ensuring artifacts containing secrets are not automatically published and granting the least permissions necessary for runner tokens throughout their workflow, Avital said.
Avital reported leaked secrets to dozens of maintainers of popular open-source projects used by millions of other users, enabling the maintainers to prevent the automatic publishing of sensitive artifacts. The issue was also reported to GitHub, which classified it as informational, meaning that users are responsible for properly configuring and securing their own artifacts.
Palo Alto Networks also created a custom open-source action that automatically blocks the upload of artifacts that may contain secrets.
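As an added illustration of the pre-upload check described above (not Palo Alto's action or code from the article), the following Python scanner walks a staged artifact directory and flags the two leak shapes the research describes: a persisted credential in a checked-out .git/config and a JWT such as ACTIONS_RUNTIME_TOKEN sitting in a dumped file. It assumes the GITHUB_TOKEN issued to a workflow has a "ghs_" prefix and that the git credential is stored as a base64 basic-auth extraheader; all sample values are constructed.

```python
import base64
import re
import tempfile
from pathlib import Path

# Constructed sample values (not real credentials): a fake "ghs_"-style installation
# token and a fake three-part JWT, in the shape ACTIONS_RUNTIME_TOKEN has.
FAKE_GHS = "ghs_" + "A" * 36
FAKE_JWT = "eyJhbGciOiJIUzI1NiJ9." + "B" * 24 + "." + "C" * 24

# Assumed token shapes: workflow GITHUB_TOKEN is a "ghs_"-prefixed token; a JWT is
# three base64url segments whose header segment starts with "eyJ".
GH_TOKEN_RE = re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}")
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
# A checkout that persisted credentials stores them as a basic-auth header in .git/config.
EXTRAHEADER_RE = re.compile(
    r"extraheader\s*=\s*AUTHORIZATION:\s*basic\s+([A-Za-z0-9+/=]+)", re.I)

def scan_text(text: str) -> set[str]:
    """Return the kinds of secret found in one file's content (empty set if clean)."""
    kinds = set()
    if GH_TOKEN_RE.search(text):
        kinds.add("github_token")
    if JWT_RE.search(text):
        kinds.add("runtime_jwt")
    for m in EXTRAHEADER_RE.finditer(text):
        try:
            decoded = base64.b64decode(m.group(1)).decode("utf-8", "replace")
        except ValueError:
            decoded = ""
        if "x-access-token:" in decoded or GH_TOKEN_RE.search(decoded):
            kinds.add("git_config_credential")
    return kinds

def scan_artifact_dir(root: Path) -> dict[str, set[str]]:
    """Map each file under a staged artifact directory to the secret kinds it leaks."""
    report = {}
    for p in root.rglob("*"):
        if p.is_file():
            found = scan_text(p.read_text(errors="replace"))
            if found:
                report[p.relative_to(root).as_posix()] = found
    return report

def demo() -> dict[str, set[str]]:
    """Build a constructed artifact tree (checkout with persisted creds plus an env
    dump) in a temp dir and scan it; a CI step would fail the job if this is non-empty."""
    root = Path(tempfile.mkdtemp()) / "artifact"
    (root / ".git").mkdir(parents=True)
    basic = base64.b64encode(f"x-access-token:{FAKE_GHS}".encode()).decode()
    (root / ".git" / "config").write_text(
        '[http "https://github.com/"]\n'
        f"\textraheader = AUTHORIZATION: basic {basic}\n")
    (root / "env-dump.txt").write_text(f"ACTIONS_RUNTIME_TOKEN={FAKE_JWT}\n")
    (root / "README.md").write_text("build output, nothing sensitive\n")
    return scan_artifact_dir(root)
```

Run the scanner against the staging directory before the upload step and fail the job on any finding; pairing it with read-only workflow permissions limits what a token that does slip through can do.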