By default, actions/checkout persists credentials to .git/config. When artifacts are uploaded using
actions/upload-artifact, these persisted credentials can be exposed in artifacts.
The vulnerability occurs when:
- Upload-artifact version < 3.2, or >= 4.0 and < 4.4: these versions upload hidden directories, including .git/config, by default if a broad path such as "." or "*" is given. Note: version 3.2+ contains a backported fix that excludes hidden files by default.
- Upload-artifact version >= 4.4: this version is safe by default. The vulnerability is introduced if include-hidden-files: true is set and a broad path such as "." or "*" is given without manually excluding the .git directory.
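As an added example (not part of the original advisory), the following workflow shows a job with the unsafe combination next to a hardened equivalent. The persist-credentials input of actions/checkout and the "!"-prefixed exclusion syntax of actions/upload-artifact are taken from those actions' documented inputs; job names, artifact names and the build command are placeholders.

```yaml
# Added example: unsafe job first, then the hardened equivalent.
# Job names, artifact names and the build command are placeholders.
jobs:
  unsafe-build:
    runs-on: ubuntu-latest
    steps:
      # Default persist-credentials: true -> the workflow token is written to .git/config
      - uses: actions/checkout@v4
      - run: ./build.sh   # placeholder build step
      # Broad path plus include-hidden-files on upload-artifact >= 4.4 uploads .git/,
      # and with it .git/config. On < 3.2 or 4.0-4.3 the broad path alone is enough.
      - uses: actions/upload-artifact@v4
        with:
          name: build-output
          path: .
          include-hidden-files: true

  hardened-build:
    runs-on: ubuntu-latest
    steps:
      # Nothing secret lands in .git/config in the first place.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - run: ./build.sh   # placeholder build step
      # Upload only what the artifact needs and explicitly exclude .git,
      # so a later widening of the path list still cannot pull it in.
      # (Lines inside the block scalar below are patterns, not comments.)
      - uses: actions/upload-artifact@v4
        with:
          name: build-output
          path: |
            dist/
            !.git/**
```

Either change on its own closes the exposure path described above; applying both means an artifact never contains credentials and a future path change cannot reintroduce them.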
What is the potential impact?
If credentials persisted in the .git directory are uploaded, an attacker who gains access to the uploaded artifacts has the following avenues:
Credential Exposure
The credentials are stored in plain text in the artifact, allowing unauthorized access to repository resources.
Unauthorized Access
An attacker with the extracted credentials can perform actions on behalf of the workflow, such as reading sensitive data, modifying code, creating releases, or accessing other repositories the credentials have permissions for.
Supply Chain Compromise
An attacker with the extracted credentials can modify workflows, inject malicious code, or publish malicious packages, potentially compromising the entire supply chain.