Coordinated Disclosure Timeline

Summary

The QGIS repository is vulnerable to Poisoned Pipeline Execution (PPE) which may allow a malicious actor to take over the repository.

Project

QGIS

Tested Version

Latest commit at the time of reporting

Details

Execution of untrusted code in sipify-bot.yml workflow (GHSL-2024-171)

The sipify-bot.yml workflow is triggered on issue_comment, specifically when a new comment is created:

on:
  issue_comment:
    types: [created]

When the comment is posted on a Pull Request and its body is exactly /sipify, the sipify job is run:

sipify:
  if: github.event_name != 'issue_comment' || ( contains(github.event.comment.html_url, '/pull/') && github.event.comment.body == '/sipify' )
  runs-on: [ubuntu-latest]
  steps:

This job resolves the HEAD ref of the Pull Request being commented on using the alessbell/pull-request-comment-branch action:

- name: Get PR branch
  uses: alessbell/pull-request-comment-branch@v2.1.0
  if: ${{ github.event_name == 'issue_comment' }}
  id: comment-branch

After installing some dependencies, it runs the local script ./scripts/sipify_all.sh:

- name: run sipify
  run: ./scripts/sipify_all.sh -m

A malicious actor can submit a Pull Request that changes the contents of the ./scripts/sipify_all.sh script so that it runs attacker-chosen commands; once the /sipify comment is posted, the workflow executes the modified script from the Pull Request branch.
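As an added example (not part of this advisory or of the QGIS project), a small Python checker for the pattern described above: it flags a job that runs under a privileged trigger, resolves or checks out the Pull Request head, and then executes a repository-local script. The workflow dict is a constructed stand-in for the sipify-bot.yml fragments quoted above, and the trigger and action names in the heuristics are the checker's own assumptions, not an exhaustive list.

```python
import re

# Triggers where the job runs with the base repository's privileges while
# processing input an outside contributor can influence (comments, forks).
PRIVILEGED_TRIGGERS = {"issue_comment", "pull_request_target", "workflow_run"}
# Actions that resolve the PR head ref, or checkout refs that point at it
# (assumed list; extend for other resolver actions).
HEAD_REF_ACTIONS = ("pull-request-comment-branch",)
HEAD_REF_EXPR = re.compile(r"outputs\.head_(ref|sha)|event\.pull_request\.head")
# run: lines that execute something from the checked-out tree.
LOCAL_EXEC = re.compile(r"(^|[\s;&|])(\./|bash |sh |python3? |make\b|npm )", re.M)


def triggers(workflow):
    # PyYAML parses the unquoted key `on` as boolean True, so accept both.
    on = workflow.get("on", workflow.get(True, {}))
    return {on} if isinstance(on, str) else set(on)


def find_ppe(workflow):
    """Return (job, step) pairs where PR-head code is checked out and then
    executed under a privileged trigger. Heuristic: once a step resolves or
    checks out the PR head, any later step running a local path is flagged."""
    if not triggers(workflow) & PRIVILEGED_TRIGGERS:
        return []
    findings = []
    for job_name, job in workflow.get("jobs", {}).items():
        head_checked_out = False
        for step in job.get("steps", []):
            uses = step.get("uses", "")
            ref = str((step.get("with") or {}).get("ref", ""))
            if any(a in uses for a in HEAD_REF_ACTIONS) or HEAD_REF_EXPR.search(ref):
                head_checked_out = True
            elif head_checked_out and LOCAL_EXEC.search(step.get("run", "")):
                findings.append((job_name, step.get("name", "<unnamed>")))
    return findings


# Constructed input mirroring the sipify-bot.yml fragments quoted in the text.
SIPIFY_BOT = {
    "on": {"issue_comment": {"types": ["created"]}},
    "jobs": {"sipify": {"runs-on": ["ubuntu-latest"], "steps": [
        {"name": "Get PR branch", "id": "comment-branch",
         "uses": "alessbell/pull-request-comment-branch@v2.1.0"},
        {"name": "run sipify", "run": "./scripts/sipify_all.sh -m"},
    ]}},
}
# Same steps on a plain pull_request trigger are not flagged: for a fork the
# job then runs with a read-only GITHUB_TOKEN and no repository secrets.
SAFE_TRIGGER = dict(SIPIFY_BOT, on={"pull_request": {}})

if __name__ == "__main__":
    print(find_ppe(SIPIFY_BOT))  # [('sipify', 'run sipify')]
```

To run it over a real file, load the YAML with yaml.safe_load and pass the resulting dict to find_ppe; the triggers() helper already handles the `on`-parsed-as-True quirk.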

Impact

Since the workflow runs with high privileges, a malicious actor could take over the repository by opening a Pull Request, adding a /sipify comment on it, and using the privileged GITHUB_TOKEN available to the job to compromise the repository.

Resources

Credit

This issue was discovered and reported by GHSL team member @pwntester (Alvaro Muñoz).

Contact

You can contact the GHSL team at securitylab@github.com, please include a reference to GHSL-2024-171 in any communication regarding this issue.