Coordinated Disclosure Timeline

Summary

Trino’s upload-test-results.yml workflow is vulnerable to Code Injection which may allow a malicious actor to gain write access to the repository and exfiltrate secrets such as TEST_RESULTS_AWS_SECRET_ACCESS_KEY.

Project

Trino DB

Tested Version

Latest commit at the time of reporting.

Details

Code Injection at upload-test-results.yml (GHSL-2024-319)

The upload-test-results.yml workflow is triggered when the ci or docs workflows complete:

on:
  workflow_run:
    workflows: ["ci", "docs"]
    types:
      - completed

When uploading the results to S3, the workflow runs the Upload test results to S3 step, which interpolates the head branch name of the Pull Request that triggered the upstream run (github.event.workflow_run.head_branch) directly into the Bash script. Because anyone can open a Pull Request from a fork with an arbitrary branch name, this value is attacker-controlled:

      - name: Upload test results to S3
        env:
          S3_BUCKET: ${{ vars.TEST_RESULTS_BUCKET }}
          AWS_ACCESS_KEY_ID: ${{ vars.TEST_RESULTS_AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_RESULTS_AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-east-2
        if: env.S3_BUCKET != '' && env.AWS_ACCESS_KEY_ID != '' && env.AWS_SECRET_ACCESS_KEY != ''
        shell: bash --noprofile --norc -euo pipefail {0}
        run: |

[..snip..]
            jq -c \
              --argjson addObj '{"branch":"${{ github.event.workflow_run.head_branch }}","git_sha":"${{ github.event.workflow_run.head_sha }}","workflow_name":"${{ github.event.workflow.name }}","workflow_run":"${{ github.event.workflow_run.id }}","workflow_conclusion":"${{ github.event.workflow_run.conclusion }}","workflow_job":"","workflow_run_attempt":"${{ github.event.workflow_run.run_attempt }}","timestamp":""}'

[..snip..]

A malicious actor can send a Pull Request from a branch named foo`id`bar. GitHub Actions substitutes the ${{ }} expression into the script text before Bash runs it, so the backticks become a command substitution. When the vulnerable workflow gets triggered and the execution reaches the Upload test results to S3 step, the id command will get executed. This injection allows an attacker to run arbitrary code in the context of a privileged workflow.

Impact

This issue may lead to secret exfiltration (TEST_RESULTS_AWS_SECRET_ACCESS_KEY).

In addition, since the workflow runs with write-all permissions, a malicious actor could leverage the GITHUB_TOKEN to gain write access to the repo:

GITHUB_TOKEN Permissions
  Actions: write
  Attestations: write
  Checks: write
  Contents: write
  Deployments: write
  Discussions: write
  Issues: write
  Metadata: read
  Packages: write
  Pages: write
  PullRequests: write
  RepositoryProjects: write
  SecurityEvents: write
  Statuses: write
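A hardened version of the step, written for this write-up as an illustration rather than taken from the advisory or from Trino's repository. It applies the standard fix for this class of bug: every workflow_run value is bound to an environment variable under env: (the variable names HEAD_BRANCH, HEAD_SHA and so on are chosen here, not names the project uses), and jq builds the JSON object with --arg, so the shell never re-parses attacker-controlled text. The permissions: block is an assumption about what the workflow needs and must be adjusted to whatever the rest of the workflow actually uses; the remainder of the original jq invocation is snipped exactly as it is above.

```yaml
# Restrict the GITHUB_TOKEN instead of the default write-all. The exact set is an
# assumption here; the workflow only needs whatever the snipped steps require.
permissions:
  contents: read

# [..snip..]

      - name: Upload test results to S3
        env:
          S3_BUCKET: ${{ vars.TEST_RESULTS_BUCKET }}
          AWS_ACCESS_KEY_ID: ${{ vars.TEST_RESULTS_AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_RESULTS_AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-east-2
          # Attacker-controlled values are passed as environment variables (names chosen
          # for this example), so their content is never spliced into the script source.
          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
          WORKFLOW_NAME: ${{ github.event.workflow.name }}
          WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }}
          WORKFLOW_CONCLUSION: ${{ github.event.workflow_run.conclusion }}
          WORKFLOW_RUN_ATTEMPT: ${{ github.event.workflow_run.run_attempt }}
        if: env.S3_BUCKET != '' && env.AWS_ACCESS_KEY_ID != '' && env.AWS_SECRET_ACCESS_KEY != ''
        shell: bash --noprofile --norc -euo pipefail {0}
        run: |
            # jq --arg binds each value as a JSON string and escapes it for us; a branch
            # named foo`id`bar ends up as the literal string "foo`id`bar" in the output.
            ADD_OBJ="$(jq -cn \
              --arg branch "$HEAD_BRANCH" \
              --arg git_sha "$HEAD_SHA" \
              --arg workflow_name "$WORKFLOW_NAME" \
              --arg workflow_run "$WORKFLOW_RUN_ID" \
              --arg workflow_conclusion "$WORKFLOW_CONCLUSION" \
              --arg workflow_run_attempt "$WORKFLOW_RUN_ATTEMPT" \
              '{branch: $branch, git_sha: $git_sha, workflow_name: $workflow_name,
                workflow_run: $workflow_run, workflow_conclusion: $workflow_conclusion,
                workflow_job: "", workflow_run_attempt: $workflow_run_attempt, timestamp: ""}')"

            # The rest of the original invocation is unchanged; addObj is now a
            # well-formed JSON value produced by jq rather than a hand-built literal.
            jq -c \
              --argjson addObj "$ADD_OBJ" \
            # [..snip..]
```

Two checks are worth running on any workflow that uses workflow_run or pull_request_target: grep the run: blocks for ${{ github.event.* }} expressions (head_branch, head_ref, the PR title and body, commit messages and author names are the usual attacker-controlled fields), and confirm the workflow declares a permissions: block rather than inheriting write-all, so that a script injection cannot also turn into repository write access through the GITHUB_TOKEN.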

Credit

This issue was discovered and reported by GHSL team member @pwntester (Alvaro Muñoz).

Contact

You can contact the GHSL team at securitylab@github.com; please include a reference to GHSL-2024-319 in any communication regarding this issue.