Coordinated Disclosure Timeline

Summary

Milvus is vulnerable to Actions code injection, allowing an attacker to alter the repository and steal secrets.

Project

Milvus

Tested Version

v2.3.18

Details

Code Injection (GHSL-2024-120)

The check-issue.yaml workflow is triggered on issues (i.e., when an Issue is created). The workflow runs with a GitHub repository token that has write permission on Issues.

Taking the above into account, this workflow injects data controlled by said Issue (${{ github.event.issue.title }}, the title of the Issue) into a Run step's script. Because the expression is substituted into the script text before the shell executes it, shell metacharacters in the title are interpreted as commands, allowing an attacker to take over the GitHub Runner to run custom commands and alter the repository.

on:
  issues:
    types: [opened]

jobs:
  check_issue_title:
...
    permissions:
      issues: write
...
    steps:
...
      - name: Check Issue
        shell: bash
        run: |
          echo Issue title: ${{ github.event.issue.title }}
...

This issue was found using the CodeQL for JavaScript query "Expression injection in Actions".
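The same pattern, as an added example that is not part of this advisory or of the Milvus project: a small Python scanner that flags attacker-controlled ${{ }} contexts used inside run: scripts (a lightweight stand-in for the CodeQL query mentioned above), run over a constructed copy of the vulnerable step and over the usual fix, which moves the value into an env: variable and quotes it in the script. The list of untrusted contexts is a partial one I assembled, and the workflow samples are constructed, not the project's real files.

```python
import re

# Partial list of expression contexts an outside contributor controls
# (issue/PR titles and bodies, comment bodies, branch names, commit messages).
UNTRUSTED = ("github.event.issue.title", "github.event.issue.body", "github.head_ref",
             "github.event.pull_request.title", "github.event.pull_request.body",
             "github.event.comment.body", "github.event.head_commit.message")
EXPR = re.compile(r"\$\{\{(.*?)\}\}")
RUN_KEY = re.compile(r"^(\s*)(- )?run:\s*([|>][-+]?)?\s*(.*)$")

def find_run_injections(workflow_text):
    """[(line_no, expression)] for untrusted ${{ }} expressions inside run: scripts.
    Raw-text scan: a block scalar (run: |) is the deeper-indented lines that follow."""
    findings, lines, i = [], workflow_text.splitlines(), 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        indent, dash, block, inline = m.groups()
        key_indent = len(indent) + (2 if dash else 0)
        script = [(i + 1, inline)]  # text on the run: line itself, if any
        i += 1
        while block and i < len(lines) and (not lines[i].strip()
                or len(lines[i]) - len(lines[i].lstrip()) > key_indent):
            script.append((i + 1, lines[i]))
            i += 1
        for lineno, text in script:
            for expr in EXPR.findall(text):
                if any(u in expr for u in UNTRUSTED):
                    findings.append((lineno, expr.strip()))
    return findings

# Constructed samples: the pattern from this advisory, then the usual fix of passing
# the value through an environment variable and quoting it inside the script.
VULNERABLE = """\
jobs:
  check_issue_title:
    steps:
      - name: Check Issue
        run: |
          echo Issue title: ${{ github.event.issue.title }}
"""
HARDENED = """\
jobs:
  check_issue_title:
    steps:
      - name: Check Issue
        env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
        run: |
          echo "Issue title: $ISSUE_TITLE"
"""
```

In the hardened form the expression is expanded into an environment variable, not into the script text, so the shell only ever sees a quoted `$ISSUE_TITLE` and the title content is never parsed as commands.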

Impact

This issue may lead to stealing workflow secrets and modification of the repository.

Proof of Concept

  1. Open an Issue with the following title: '$(whoami)'
  2. Check the workflow runs for the new Actions run that will execute the command whoami.

Resources

Credit

This issue was discovered and reported by GHSL team member @pwntester (Alvaro Muñoz).

Contact

You can contact the GHSL team at securitylab@github.com; please include a reference to GHSL-2024-120 in any communication regarding this issue.