Coordinated Disclosure Timeline
- 2024-10-30: Reported via GitHub’s Private Vulnerability Reporting (PVR).
- 2024-10-31: Fix merged.
Summary
Trino’s upload-test-results.yml workflow is vulnerable to Code Injection, which may allow a malicious actor to gain write access to the repository and exfiltrate secrets such as TEST_RESULTS_AWS_SECRET_ACCESS_KEY.
Project
Trino DB
Tested Version
Latest commit at the time of reporting.
Details
Code Injection at upload-test-results.yml (GHSL-2024-319)
The upload-test-results.yml workflow is triggered when the ci or docs workflows complete:
on:
  workflow_run:
    workflows: ["ci", "docs"]
    types:
      - completed
When uploading the results to S3, the workflow runs the Upload test results to S3 step, which interpolates the Pull Request branch name (github.event.workflow_run.head_branch) directly into the Bash script:
- name: Upload test results to S3
  env:
    S3_BUCKET: ${{ vars.TEST_RESULTS_BUCKET }}
    AWS_ACCESS_KEY_ID: ${{ vars.TEST_RESULTS_AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_RESULTS_AWS_SECRET_ACCESS_KEY }}
    AWS_DEFAULT_REGION: us-east-2
  if: env.S3_BUCKET != '' && env.AWS_ACCESS_KEY_ID != '' && env.AWS_SECRET_ACCESS_KEY != ''
  shell: bash --noprofile --norc -euo pipefail {0}
  run: |
    [..snip..]
    jq -c \
      --argjson addObj '{"branch":"${{ github.event.workflow_run.head_branch }}","git_sha":"${{ github.event.workflow_run.head_sha }}","workflow_name":"${{ github.event.workflow.name }}","workflow_run":"${{ github.event.workflow_run.id }}","workflow_conclusion":"${{ github.event.workflow_run.conclusion }}","workflow_job":"","workflow_run_attempt":"${{ github.event.workflow_run.run_attempt }}","timestamp":""}'
    [..snip..]
A malicious actor can send a Pull Request from a branch named foo`id`bar. Because the ${{ }} expression is expanded into the script text before Bash runs it, the backticks become part of the command line: when the vulnerable workflow gets triggered and execution reaches the Upload test results to S3 step, the id command will get executed. This injection allows an attacker to run arbitrary code in the context of a privileged workflow (a workflow_run workflow runs in the context of the base repository, with access to its secrets, even when the run that triggered it came from a fork).
Impact
This issue may lead to secret exfiltration (TEST_RESULTS_AWS_SECRET_ACCESS_KEY).
In addition, since the workflow runs with write-all permissions, a malicious actor could leverage the GITHUB_TOKEN to gain write access to the repo:
GITHUB_TOKEN Permissions
Actions: write
Attestations: write
Checks: write
Contents: write
Deployments: write
Discussions: write
Issues: write
Metadata: read
Packages: write
Pages: write
PullRequests: write
RepositoryProjects: write
SecurityEvents: write
Statuses: write
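One hardened form of the step, addressing both the injection in the Details section and the write-all token in the Impact section; this is an added illustration, not the project's actual fix. It assumes the results are merged into a file named results.json with the filter '. + $addObj' (the snipped part of the original script is unknown).

```yaml
# Scope the GITHUB_TOKEN to what the job needs instead of write-all.
permissions:
  contents: read

jobs:
  upload:
    runs-on: ubuntu-latest
    steps:
      - name: Upload test results to S3
        env:
          S3_BUCKET: ${{ vars.TEST_RESULTS_BUCKET }}
          AWS_ACCESS_KEY_ID: ${{ vars.TEST_RESULTS_AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_RESULTS_AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-east-2
          # Untrusted event data reaches the script only through
          # environment variables; it is never expanded into the script text.
          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
          WORKFLOW_NAME: ${{ github.event.workflow.name }}
          RUN_ID: ${{ github.event.workflow_run.id }}
          RUN_CONCLUSION: ${{ github.event.workflow_run.conclusion }}
          RUN_ATTEMPT: ${{ github.event.workflow_run.run_attempt }}
        if: env.S3_BUCKET != '' && env.AWS_ACCESS_KEY_ID != '' && env.AWS_SECRET_ACCESS_KEY != ''
        shell: bash --noprofile --norc -euo pipefail {0}
        run: |
          # jq --arg binds each value as a JSON string, so a branch name such as
          # foo`id`bar is stored verbatim and nothing in it is executed.
          ADD_OBJ=$(jq -cn \
            --arg branch "$HEAD_BRANCH" \
            --arg git_sha "$HEAD_SHA" \
            --arg workflow_name "$WORKFLOW_NAME" \
            --arg workflow_run "$RUN_ID" \
            --arg workflow_conclusion "$RUN_CONCLUSION" \
            --arg workflow_run_attempt "$RUN_ATTEMPT" \
            '{branch: $branch, git_sha: $git_sha, workflow_name: $workflow_name,
              workflow_run: $workflow_run, workflow_conclusion: $workflow_conclusion,
              workflow_job: "", workflow_run_attempt: $workflow_run_attempt,
              timestamp: ""}')
          # Assumed merge step: results.json and the filter are not from the page.
          jq -c --argjson addObj "$ADD_OBJ" '. + $addObj' results.json > merged.json
```

The same pattern applies to any github.event field under workflow_run, pull_request or issue triggers: quote it as "$VAR" inside the script rather than writing ${{ }} into the run block.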
Credit
This issue was discovered and reported by GHSL team member @pwntester (Alvaro Muñoz).
Contact
You can contact the GHSL team at securitylab@github.com; please include a reference to GHSL-2024-319 in any communication regarding this issue.