Coordinated Disclosure Timeline

Summary

The buildwebsite.yml and unittests-gpu.yml GitHub workflows are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.

Product

dmlc/gluon-nlp repository

Tested Version

The latest changeset of buildwebsite.yml and unittests-gpu.yml to the date.

Details

Issue 1: Untrusted code is explicitly checked out and run on a Pull Request from a fork

Workflows triggered on pull_request_target have read/write tokens for the base repository and the access to secrets. By explicitly checking out and running the build script from a fork the untrusted code is running in an environment that is able to push to the base repository and to access secrets. More details can be found in the article Keeping your GitHub Actions and workflows secure: Preventing pwn requests.

buildwebsite.yml:

on: [push, pull_request_target]
...
      - name: Checkout Pull Request Repository(For pull request)
        if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
        uses: actions/checkout@v2
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Compile Notebooks(For pull request)
        if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
        run: |
          python -m pip install --quiet -e .[extras]
          ./tools/batch/batch_states/compile_notebooks.sh \
...

_unittests-gpu.yml:__

on: [push, pull_request_target]
...
      - name: Test project on AWS Batch(For pull request)
        if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
        run: |
          echo "Start submitting job"
          python ./tools/batch/submit-job.py --region us-east-1 \
                                             --job-type g4dn.4x \
                                             --name GluonNLP-GPU-Test-PR#${{ github.event.number }} \
                                             --source-ref ${{ github.event.pull_request.head.ref }} \
...

Impact

The vulnerability allows for unauthorized modification of the base repository and secrets exfiltration.

Issue 2: A branch name from the pull request is used to format a shell command

buildwebsite.yml:

on: [push, pull_request_target]
...
      - name: Checkout Pull Request Repository(For pull request)
        if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
        uses: actions/checkout@v2
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Compile Notebooks(For pull request)
        if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
        run: |
          python -m pip install --quiet -e .[extras]
          ./tools/batch/batch_states/compile_notebooks.sh \
                 "#PR-${{ github.event.number }}" "${{ github.run_number }}" \
                 "${{ github.event.pull_request.head.repo.full_name }}" "${{ github.event.pull_request.head.ref }}"
          exit $?
...
      - name: Copy docs to AWS S3(For pull request)
        if: ${{ (failure() || success()) && (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') }}
        run: |
          echo "Uploading docs to s3://gluon-nlp-staging/PR${{ github.event.number }}/${{ github.event.pull_request.head.ref }}/"
          aws s3 sync --delete ./docs/_build/html/ s3://gluon-nlp-staging/PR${{ github.event.number }}/${{ github.event.pull_request.head.ref }}/ --acl public-read

_unittests-gpu.yml:__

on: [push, pull_request_target]
...
      - name: Test project on AWS Batch(For pull request)
        if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
        run: |
          echo "Start submitting job"
          python ./tools/batch/submit-job.py --region us-east-1 \
                                             --job-type g4dn.4x \
                                             --name GluonNLP-GPU-Test-PR#${{ github.event.number }} \
                                             --source-ref ${{ github.event.pull_request.head.ref }} \
...

Impact

This vulnerability allows for arbitrary command injection into the bash script which allows for unauthorized modification of the base repository and secrets exfiltration. For a Proof of Concept create a PR from branch named a";echo${IFS}"hello"#.

Credit

This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Lobačevski).

Contact

You can contact the GHSL team at securitylab@github.com, please include a reference to GHSL-2021-007 in any communication regarding this issue.