Security News > 2024 > August > GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover

GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover
2024-08-15 06:47

A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments.

"A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume," Palo Alto Networks Unit 42 researcher Yaron Avital said in a report published this week.

Artifacts in GitHub allow users to share data between jobs in a workflow and persist that information after it has been completed for 90 days.

The security problem here is that these artifacts are publicly available for anyone in the case of open-source projects, making them a valuable resource for extracting secrets like GitHub access tokens.

Particularly, the artifacts have been found to expose an undocumented environment variable called ACTIONS RUNTIME TOKEN, which has a lifespan of about six hours and could be used to substitute an artifact with a malicious version before it expires.

While GITHUB TOKEN expires when the job ends, improvements made to the artifacts feature with version 4 meant that an attacker could exploit race condition scenarios to steal and use the token by downloading an artifact while a workflow run is in progress.


News URL

https://thehackernews.com/2024/08/github-vulnerability-artipacked-exposes.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 3 42 30 15 90