Coordinated Disclosure Timeline
- 2024-03-25: Opened an Issue asking for a security contact.
- 2024-03-25: Maintainer creates an advisory.
- 2024-03-25: Fix is committed.
Summary
Kolibri is vulnerable to Actions expression injection allowing an attacker to alter the repository and steal secrets.
Project
Kolibri
Tested Version
Details
Actions expression injection in notify_team_new_comment.yml (GHSL-2024-038)
The notify_team_new_comment.yml workflow is triggered on issue_comment (i.e., when a when a comment inside an Issue or Pull Request is created). The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on Organization/Repository level are set to read-write.
Taking the above into account, this workflow injects data controlled by said Issue (${{ github.event.issue.title }} – the title of the Issue) into a Run step’s script, allowing an attacker to take over the GitHub Runner to run custom commands and alter the repository.
- name: Escape title double quotes
id: escape_title
run: |
title='${{ github.event.issue.title }}'
echo "ISSUE_TITLE=${title//\"/\\\"}" >> "$GITHUB_OUTPUT"
This issue was found using CodeQL for JavaScript’s Expression injection in Actions query.
Impact
This issue may lead to stealing workflow secrets and modification of the repository.
Proof of Concept
- Open an Issue with the following title:
'$(whoami)' - Check the workflow runs for the new Actions run that will execute the command
whoami.
Resources
- CodeQL for JavaScript - Expression injection in Actions
- Keeping your GitHub Actions and workflows secure Part 2: Untrusted input
- Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
Credit
This issue was discovered and reported by GHSL team member @jorgectf (Jorge Rosillo).
Contact
You can contact the GHSL team at securitylab@github.com, please include a reference to GHSL-2024-038 in any communication regarding this issue.