GHSL-2021-007: Arbitrary code execution and shell command injection in dmlc/gluon-nlp workflows
Jaroslav LobačevskiCoordinated Disclosure Timeline
- 2021-01-18: Report sent to maintainers.
- 2021-01-18: Maintainers acknowledged.
- 2021-01-18: Issue resolved.
Summary
The buildwebsite.yml and unittests-gpu.yml GitHub workflows are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Product
dmlc/gluon-nlp repository
Tested Version
The latest changeset of buildwebsite.yml and unittests-gpu.yml to the date.
Details
Issue 1: Untrusted code is explicitly checked out and run on a Pull Request from a fork
Workflows triggered on pull_request_target have read/write tokens for the base repository and the access to secrets. By explicitly checking out and running the build script from a fork the untrusted code is running in an environment that is able to push to the base repository and to access secrets. More details can be found in the article Keeping your GitHub Actions and workflows secure: Preventing pwn requests.
buildwebsite.yml:
on: [push, pull_request_target]
...
- name: Checkout Pull Request Repository(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
uses: actions/checkout@v2
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}
- name: Compile Notebooks(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
run: |
python -m pip install --quiet -e .[extras]
./tools/batch/batch_states/compile_notebooks.sh \
..._unittests-gpu.yml:__
on: [push, pull_request_target]
...
- name: Test project on AWS Batch(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
run: |
echo "Start submitting job"
python ./tools/batch/submit-job.py --region us-east-1 \
--job-type g4dn.4x \
--name GluonNLP-GPU-Test-PR#${{ github.event.number }} \
--source-ref ${{ github.event.pull_request.head.ref }} \
...Impact
The vulnerability allows for unauthorized modification of the base repository and secrets exfiltration.
Issue 2: A branch name from the pull request is used to format a shell command
buildwebsite.yml:
on: [push, pull_request_target]
...
- name: Checkout Pull Request Repository(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
uses: actions/checkout@v2
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}
- name: Compile Notebooks(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
run: |
python -m pip install --quiet -e .[extras]
./tools/batch/batch_states/compile_notebooks.sh \
"#PR-${{ github.event.number }}" "${{ github.run_number }}" \
"${{ github.event.pull_request.head.repo.full_name }}" "${{ github.event.pull_request.head.ref }}"
exit $?
...
- name: Copy docs to AWS S3(For pull request)
if: ${{ (failure() || success()) && (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') }}
run: |
echo "Uploading docs to s3://gluon-nlp-staging/PR${{ github.event.number }}/${{ github.event.pull_request.head.ref }}/"
aws s3 sync --delete ./docs/_build/html/ s3://gluon-nlp-staging/PR${{ github.event.number }}/${{ github.event.pull_request.head.ref }}/ --acl public-read_unittests-gpu.yml:__
on: [push, pull_request_target]
...
- name: Test project on AWS Batch(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
run: |
echo "Start submitting job"
python ./tools/batch/submit-job.py --region us-east-1 \
--job-type g4dn.4x \
--name GluonNLP-GPU-Test-PR#${{ github.event.number }} \
--source-ref ${{ github.event.pull_request.head.ref }} \
...Impact
This vulnerability allows for arbitrary command injection into the bash script which allows for unauthorized modification of the base repository and secrets exfiltration. For a Proof of Concept create a PR from branch named a";echo${IFS}"hello"#.
Credit
This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Lobačevski).
Contact
You can contact the GHSL team at securitylab@github.com, please include a reference to GHSL-2021-007 in any communication regarding this issue.