Coordinated Disclosure Timeline
- 2023-07-25: Opened GHSA through Private Vulnerability Reporting.
- 2023-08-23: Fix commit is pushed.
Summary
The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow.
Product
Pytorch
Tested Version
Details
Actions expression injection in filter-test-configs (GHSL-2023-181)
The filter-test-configs workflow is using the raw github.event.workflow_run.head_branch value inside the filter step:
- name: Select all requested test configurations
shell: bash
env:
GITHUB_TOKEN: ${{ inputs.github-token }}
JOB_NAME: ${{ steps.get-job-name.outputs.job-name }}
id: filter
run: |
...
python3 "${GITHUB_ACTION_PATH}/../../scripts/filter_test_configs.py" \
...
--branch "${{ github.event.workflow_run.head_branch }}"
In the event of a repository using filter-test-configs in a pull_request_target-triggered workflow, an attacker could use a malicious branch name to gain command execution in the step and potentially leak secrets.
name: Example
on: pull_request_target
jobs:
example:
runs-on: ubuntu-latest
steps:
- name: Filter
uses: pytorch/pytorch/.github/actions/filter-test-configs@v2
Impact
This issue may lead to stealing workflow secrets.
Resources
- CodeQL for JavaScript - Expression injection in Actions
- Keeping your GitHub Actions and workflows secure Part 2: Untrusted input
- Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
Credit
This issue was discovered and reported by GHSL team member @jorgectf (Jorge).
Contact
You can contact the GHSL team at securitylab@github.com, please include a reference to GHSL-2023-181 in any communication regarding this issue.