Coordinated Disclosure Timeline

Summary

The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow.

Product

Pytorch

Tested Version

ec26947

Details

Actions expression injection in filter-test-configs (GHSL-2023-181)

The filter-test-configs workflow uses the raw github.event.workflow_run.head_branch value inside the filter step. Because ${{ }} expressions are expanded into the script text before bash executes it, the branch name is treated as part of the command rather than as data:

- name: Select all requested test configurations
  shell: bash
  env:
    GITHUB_TOKEN: ${{ inputs.github-token }}
    JOB_NAME: ${{ steps.get-job-name.outputs.job-name }}
  id: filter
  run: |
    ...
    python3 "${GITHUB_ACTION_PATH}/../../scripts/filter_test_configs.py" \
      ...
      --branch "${{ github.event.workflow_run.head_branch }}"

If a repository uses filter-test-configs in a pull_request_target-triggered workflow, an attacker could use a malicious branch name to gain command execution in the step and potentially leak secrets.

name: Example

on: pull_request_target

jobs:
  example:
    runs-on: ubuntu-latest
    steps:
      - name: Filter
        uses: pytorch/pytorch/.github/actions/filter-test-configs@v2
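The usual remediation for this class of injection is to stop interpolating the untrusted value into the script text and instead hand it to the step through an environment variable, which bash then expands as data. Below is the filter step from above rewritten that way, as an added example and not the project's own fix; the other flags elided with "..." on the page are omitted, and the branch-name pattern check is an assumed defense-in-depth addition.

```yaml
# Weak form (as on the page): the expression is substituted into the script
# before bash runs, so a branch name containing a double quote can terminate
# the string and append shell commands.
#
#   run: |
#     python3 "${GITHUB_ACTION_PATH}/../../scripts/filter_test_configs.py" \
#       --branch "${{ github.event.workflow_run.head_branch }}"

# Corrected form: the untrusted value enters the step only via the environment.
- name: Select all requested test configurations
  shell: bash
  env:
    GITHUB_TOKEN: ${{ inputs.github-token }}
    JOB_NAME: ${{ steps.get-job-name.outputs.job-name }}
    # Expression expansion happens here, in the env map, not in the script
    # body; bash sees HEAD_BRANCH as a plain variable value.
    HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
  id: filter
  run: |
    set -euo pipefail
    # Assumed extra check: git ref names legitimately use only this character set,
    # so anything else is rejected before reaching the script. (Not on the page.)
    if ! [[ "${HEAD_BRANCH}" =~ ^[A-Za-z0-9._/-]+$ ]]; then
      echo "::error::unexpected characters in head_branch" >&2
      exit 1
    fi
    python3 "${GITHUB_ACTION_PATH}/../../scripts/filter_test_configs.py" \
      --branch "${HEAD_BRANCH}"
```

The same pattern applies to any other github.event.* field reaching a run: block in a workflow that can be triggered by a pull_request_target or workflow_run event from a fork.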

Impact

This issue may lead to stealing workflow secrets.

Resources

Credit

This issue was discovered and reported by GHSL team member @jorgectf (Jorge).

Contact

You can contact the GHSL team at securitylab@github.com; please include a reference to GHSL-2023-181 in any communication regarding this issue.