GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover

A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations’ cloud environments.

“A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume,” Palo Alto Networks Unit 42 researcher Yaron Avital said in a report published this week.

“This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.”

The cybersecurity company said it primarily observed the leakage of GitHub tokens (e.g., GITHUB_TOKEN and ACTIONS_RUNTIME_TOKEN), which could not only give malicious actors unauthorized access to the repositories, but also grant them the ability to poison the source code and get it pushed to production via CI/CD workflows.

Artifacts in GitHub allow users to share data between jobs in a workflow and persist that information after it has been completed for 90 days. This can include builds, log files, core dumps, test outputs, and deployment packages.

Read the Full Story Here

Source: The Hacker News