The buildwebsite.yml and unittests-gpu.yml GitHub workflows are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
dmlc/gluon-nlp repository
The latest changeset of buildwebsite.yml and unittests-gpu.yml to the date.
Workflows triggered on pull_request_target
have read/write tokens for the base repository and the access to secrets. By explicitly checking out and running the build script from a fork the untrusted code is running in an environment that is able to push to the base repository and to access secrets. More details can be found in the article Keeping your GitHub Actions and workflows secure: Preventing pwn requests.
buildwebsite.yml:
on: [push, pull_request_target]
...
- name: Checkout Pull Request Repository(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
uses: actions/checkout@v2
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}
- name: Compile Notebooks(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
run: |
python -m pip install --quiet -e .[extras]
./tools/batch/batch_states/compile_notebooks.sh \
...
_unittests-gpu.yml:__
on: [push, pull_request_target]
...
- name: Test project on AWS Batch(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
run: |
echo "Start submitting job"
python ./tools/batch/submit-job.py --region us-east-1 \
--job-type g4dn.4x \
--name GluonNLP-GPU-Test-PR#${{ github.event.number }} \
--source-ref ${{ github.event.pull_request.head.ref }} \
...
The vulnerability allows for unauthorized modification of the base repository and secrets exfiltration.
buildwebsite.yml:
on: [push, pull_request_target]
...
- name: Checkout Pull Request Repository(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
uses: actions/checkout@v2
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}
- name: Compile Notebooks(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
run: |
python -m pip install --quiet -e .[extras]
./tools/batch/batch_states/compile_notebooks.sh \
"#PR-${{ github.event.number }}" "${{ github.run_number }}" \
"${{ github.event.pull_request.head.repo.full_name }}" "${{ github.event.pull_request.head.ref }}"
exit $?
...
- name: Copy docs to AWS S3(For pull request)
if: ${{ (failure() || success()) && (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') }}
run: |
echo "Uploading docs to s3://gluon-nlp-staging/PR${{ github.event.number }}/${{ github.event.pull_request.head.ref }}/"
aws s3 sync --delete ./docs/_build/html/ s3://gluon-nlp-staging/PR${{ github.event.number }}/${{ github.event.pull_request.head.ref }}/ --acl public-read
_unittests-gpu.yml:__
on: [push, pull_request_target]
...
- name: Test project on AWS Batch(For pull request)
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
run: |
echo "Start submitting job"
python ./tools/batch/submit-job.py --region us-east-1 \
--job-type g4dn.4x \
--name GluonNLP-GPU-Test-PR#${{ github.event.number }} \
--source-ref ${{ github.event.pull_request.head.ref }} \
...
This vulnerability allows for arbitrary command injection into the bash script which allows for unauthorized modification of the base repository and secrets exfiltration. For a Proof of Concept create a PR from branch named a";echo${IFS}"hello"#
.
This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Lobačevski).
You can contact the GHSL team at securitylab@github.com
, please include a reference to GHSL-2021-007
in any communication regarding this issue.