Coordinated Disclosure Timeline

Summary

The comment-on-pr.yml workflow is vulnerable to Poisoned Pipeline Execution (PPE), which may allow a malicious actor to gain write access to the repository and exfiltrate secrets.

Project

SymPy

Tested Version

Latest commit at the time of reporting.

Details

Poisoned Pipeline Execution (PPE) in comment-on-pr.yml (GHSL-2024-322)

The comment-on-pr workflow gets triggered when the test workflow completes:

on:
  workflow_run:
    # test is the name given for the workflow in runtests.yml
    workflows: ["test"]
    types: [completed]

It then downloads an artifact produced by the triggering workflow:

      - name: Download benchmarks
        uses: dawidd6/action-download-artifact@v6
        with:
          workflow: runtests.yml
          workflow_conclusion: success
          name: pr_number

It then assigns the contents of the pr_number artifact (pr_number.txt) to the steps.pr_number_reader.outputs.pr_number step output:

      - name: Read the PR number
        id: pr_number_reader
        run: echo "pr_number=$(cat pr_number.txt)" >> $GITHUB_OUTPUT

Finally, it interpolates the contents of this variable into a bash script, enabling a malicious actor to run arbitrary code:

      - name: Show PR number
        run: echo ${{ steps.pr_number_reader.outputs.pr_number }}

Impact

The workflow runs with full-write permissions, so an attacker could gain write access to the repo and exfiltrate secrets:

GITHUB_TOKEN Permissions
  Actions: write
  Attestations: write
  Checks: write
  Contents: write
  Deployments: write
  Discussions: write
  Issues: write
  Metadata: read
  Packages: write
  Pages: write
  PullRequests: write
  RepositoryProjects: write
  SecurityEvents: write
  Statuses: write
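
A hardened form of the three steps quoted under Details, with the GITHUB_TOKEN scoped down from the permissions listed above. This is an added example, not SymPy's actual fix and not code from the advisory; the job name `comment` and the assumption that the job only needs to comment on pull requests are hypothetical.

```yaml
# Added example (not the project's code): same steps, hardened.
permissions: {}              # workflow default: no token permissions at all

jobs:
  comment:                   # hypothetical job name
    runs-on: ubuntu-latest
    permissions:
      actions: read          # list runs and download the artifact
      pull-requests: write   # assumption: the job only posts a PR comment
    steps:
      - name: Download benchmarks
        uses: dawidd6/action-download-artifact@v6
        with:
          workflow: runtests.yml
          workflow_conclusion: success
          name: pr_number

      - name: Read the PR number
        id: pr_number_reader
        run: |
          # The artifact comes from the triggering run, so treat it as
          # untrusted: accept a short run of digits and nothing else.
          # The bash regex is anchored to the whole string, so embedded
          # newlines (extra GITHUB_OUTPUT entries) are rejected too.
          pr_number="$(cat pr_number.txt)"
          if [[ ! "$pr_number" =~ ^[0-9]{1,10}$ ]]; then
            echo "::error::pr_number.txt is not a plain integer"
            exit 1
          fi
          echo "pr_number=$pr_number" >> "$GITHUB_OUTPUT"

      - name: Show PR number
        env:
          # Expression is expanded into an environment variable, not into
          # the script text, so the shell never parses the value as code.
          PR_NUMBER: ${{ steps.pr_number_reader.outputs.pr_number }}
        run: echo "$PR_NUMBER"
```

Either control alone removes the injection shown above; keeping both, plus the reduced permissions, limits what a later regression in one of them can reach.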

PoC

Credit

This issue was discovered and reported by GHSL team member @pwntester (Alvaro Muñoz).

Contact

You can contact the GHSL team at securitylab@github.com. Please include a reference to GHSL-2024-322 in any communication regarding this issue.