GitHub Actions workflows can access various sources of untrusted data through the GitHub context, such as:
- Pull request titles, descriptions, and commit messages
- Issue titles and comments
- Branch names and tag names
- User-provided inputs
When this untrusted data is directly interpolated into shell commands using GitHub’s expression syntax (${{ … }}), it can lead to
script injection vulnerabilities. An attacker who can control the content of these data sources (for example, by creating a pull request with a
malicious title) can potentially execute arbitrary commands on the runner.
For instance, if a pull request title contains shell metacharacters like $(whoami) or ; rm -rf /, these will be executed
as commands when the workflow runs, potentially compromising the build environment or exposing sensitive information.
What is the potential impact?
The consequences of successful script injection attacks in GitHub Actions can be severe and far-reaching:
Information disclosure
Attackers can extract sensitive information from the runner environment, including:
- Repository secrets and environment variables
- Authentication tokens and API keys
- Build artifacts and deployment credentials
System compromise
Successful command injection allows attackers to:
- Execute arbitrary commands on the runner
- Install malware or backdoors
- Access other resources available to the runner
Supply chain attacks
Compromised workflows can be used to:
- Inject malicious code into build artifacts
- Modify dependencies or packages being published
- Compromise downstream systems that consume the artifacts
Repository manipulation
Attackers may be able to:
- Modify repository contents or history
- Create unauthorized releases or tags
- Access or modify other repositories the workflow has access to
The impact is particularly severe because GitHub Actions runners often have elevated privileges and access to sensitive resources, making them
attractive targets for attackers.
