Coordinated Disclosure Timeline

Summary

Gradio contains multiple workflows vulnerable to execution of untrusted code, enabling an attacker to steal secret tokens and gain write access to the Gradio repository.

Project

Gradio

Tested Version

Latest commit at the time of writing

Details

Gradio uses two triggering workflows, trigger-checks.yml and trigger-changeset.yml, which an attacker can trigger by sending a pull request or by commenting on a pull request (trigger-changeset only). These workflows trigger a variety of workflow_run workflows that share a common initial job called changes, which runs the gradio-app/gradio/.github/actions/changes@main reusable workflow. This workflow decides whether the rest of the workflow should run (steps.changes.outputs.should_run) based on the pull request's changed files and provides information about the triggering event. When the workflow_run workflow was triggered by a pull_request or an issue_comment on a pull request, steps.changes.outputs.merge_sha contains the SHA of the merge commit of the triggering pull request and therefore points to a commit that may include attacker-controlled files.

These workflows then run a second job that checks out the merge commit of the triggering pull request, so untrusted files are used in the following steps of the same job. The following sections provide details about the vulnerable workflows, the untrusted code checkouts and the steps that execute untrusted code.
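The pattern described above can be checked for when auditing a repository's workflows. The following is an added example, not code from the advisory or from Gradio: a line-based heuristic that flags a workflow only when a privileged trigger is combined with an actions/checkout step whose ref is derived from the pull request. The sample workflow is constructed, and the trigger list, token list and function names are assumptions of this example.

```python
import re

# Triggers whose runs get the base repository's secrets even for fork PRs.
PRIVILEGED = ("workflow_run", "pull_request_target", "issue_comment")
# Tokens in a checkout `ref:` that resolve to pull-request-controlled commits.
UNTRUSTED_REF = re.compile(r"merge_sha|head_sha|head\.sha|head\.ref|head_branch|refs/pull/")

def privileged_triggers(text):
    """Privileged triggers named in the top-level `on:` block (heuristic)."""
    m = re.search(r"^on:(.*?)(?=^\S|\Z)", text, re.M | re.S)
    return [t for t in PRIVILEGED if m and re.search(rf"\b{t}\b", m.group(1))]

def untrusted_checkouts(text):
    """(line number, ref line) for actions/checkout steps with a PR-derived ref."""
    found, in_checkout = [], False
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s.startswith("- "):  # a new step starts here
            in_checkout, s = False, s[2:].strip()
        if re.match(r"uses:\s*actions/checkout@", s):
            in_checkout = True
        elif in_checkout and s.startswith("ref:") and UNTRUSTED_REF.search(s):
            found.append((no, s))
    return found

def scan(text):  # flag only the combination: privileged trigger + untrusted checkout
    return untrusted_checkouts(text) if privileged_triggers(text) else []

# Constructed workflow for illustration, not copied from the Gradio repository.
VULNERABLE = """\
on:
  workflow_run:
    workflows: ["trigger-checks"]
jobs:
  changes:
    runs-on: ubuntu-latest
    outputs:
      merge_sha: ${{ steps.changes.outputs.merge_sha }}
    steps: [{id: changes, uses: gradio-app/gradio/.github/actions/changes@main}]
  test:
    needs: changes
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ needs.changes.outputs.merge_sha }}
      - run: ./run_tests.sh
"""
HARDENED = re.sub(r"\n\s+with:\n\s+ref:.*", "", VULNERABLE)  # no ref: default branch
print(scan(VULNERABLE), scan(HARDENED))
```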

Issue 1: Execution of untrusted code in test-hygiene.yml (GHSL-2024-150)

Impact

Issue 2: Execution of untrusted code in tests-js.yml (GHSL-2024-151)

Impact

Issue 3: Execution of untrusted code in generate-changeset.yml (GHSL-2024-152)

Note: It is unclear whether arbitrary code execution could be achieved within the gradio-app/github/actions/generate-changeset reusable workflow, but given that it runs in a highly privileged context with an untrusted checkout, we decided to report it.

Impact

Issue 4: Execution of untrusted code in deploy-spaces.yml (GHSL-2024-153)

Impact

Issue 5: Execution of untrusted code in deploy+test-visual.yml (GHSL-2024-154)

Impact

Issue 6: Execution of untrusted code in deploy-website.yml (GHSL-2024-155)

Impact

Issue 7: Execution of untrusted code in test-functional.yml (GHSL-2024-156)

Impact

Issue 8: Execution of untrusted code in test-python.yml (GHSL-2024-157)

Impact

Resources

Credit

These issues were discovered and reported by GHSL team member @pwntester (Alvaro Muñoz).

Contact

You can contact the GHSL team at securitylab@github.com. Please include a reference to GHSL-2024-150, GHSL-2024-151, GHSL-2024-152, GHSL-2024-153, GHSL-2024-154, GHSL-2024-155, GHSL-2024-156, or GHSL-2024-157 in any communication regarding these issues.