Researchers have disclosed a vulnerability to Microsoft’s GitHub team detailing an issue with GitHub Actions allowing an unprivileged user with write access to bypass peer-review, which could allow for malicious code to be committed to the main branch. This event may compromise the pipeline and allow malicious code to execute in production software.
GitHub Actions is a default feature used to build and run workflows to manage software development. Even those with only write privileges can change workflows, therefore admin privileges are not needed to exploit this vulnerability. Users are able to modify the GITHUB_TOKEN and as the action is run, the GitHub-Actions bot acts as the organization member approval, allowing the code to be committed.
Analyst Notes
A vulnerability like this requires only one user account to be able to compromise the entire software development pipeline. As such, this issue is considered high risk and should be addressed immediately. Organizations who utilize GitHub need to consider disabling the Actions feature while the GitHub team addresses this issue. If GitHub Actions is in use and critical to operations, it is possible to mitigate the risk by ensuring two or more code approvals are needed to perform the commit.
https://portswigger.net/daily-swig/unresolved-github-actions-flaw-allows-code-to-be-approved-without-review
