
GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover
2024-08-15 06:47

A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments.

"A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume," Palo Alto Networks Unit 42 researcher Yaron Avital said in a report published this week.

Artifacts in GitHub Actions allow users to share data between jobs in a workflow and persist that data for 90 days after the workflow run has completed.

The security problem is that, for open-source projects, these artifacts are publicly accessible to anyone, making them a valuable resource for extracting secrets such as GitHub access tokens.

In particular, the artifacts have been found to expose an undocumented environment variable called ACTIONS_RUNTIME_TOKEN, which has a lifespan of about six hours and could be used to replace an artifact with a malicious version before the token expires.

While GITHUB_TOKEN expires when the job ends, changes introduced in version 4 of the artifacts feature mean that an attacker could exploit a race condition to steal and use the token by downloading an artifact while the workflow run is still in progress.
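The leak described above is easiest to catch before the artifact is uploaded. The following scanner is an added example, not code from the Unit 42 report or from GitHub: it unpacks a zipped artifact and flags the token forms the article names (GitHub tokens and the ACTIONS_RUNTIME_TOKEN variable) plus credential-bearing paths such as a packed `.git/config`. The sample artifact is constructed inline; treating ACTIONS_RUNTIME_TOKEN as a JWT and the choice of risky paths are assumptions made here.

```python
import io
import re
import zipfile

# Secret patterns that the report says leak through artifacts. The ghp_/ghs_/
# github_pat_ prefixes are GitHub's documented token formats; treating
# ACTIONS_RUNTIME_TOKEN as a JWT (eyJ... header) is an assumption of this example.
PATTERNS = {
    "github_token": re.compile(r"\b(?:ghp|ghs|gho|ghu|ghr)_[A-Za-z0-9]{36,}\b"),
    "github_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{22,}\b"),
    "runtime_token_env": re.compile(r"ACTIONS_RUNTIME_TOKEN\s*[=:]\s*\S+"),
    "jwt": re.compile(r"\beyJ[\w-]{10,}\.[\w-]{10,}\.[\w-]{10,}\b"),
    # actions/checkout stores the job token as a base64 basic-auth header in
    # .git/config, so a raw-token regex misses it; match the header line instead.
    "git_auth_header": re.compile(r"extraheader\s*=\s*AUTHORIZATION:", re.I),
}
# Paths that carry credentials when a whole workspace is uploaded (constructed list).
RISKY_PATHS = (".git/config", ".npmrc", ".env")


def scan_artifact(zip_bytes: bytes, max_file_bytes: int = 5_000_000) -> list:
    """Scan a zipped artifact; return one finding dict per hit, with the match redacted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > max_file_bytes:
                continue
            text = zf.read(info.filename).decode("utf-8", errors="replace")
            if any(info.filename.endswith(p) for p in RISKY_PATHS):
                findings.append({"path": info.filename, "kind": "risky_path", "match": ""})
            for kind, rx in PATTERNS.items():
                for m in rx.finditer(text):
                    findings.append({"path": info.filename, "kind": kind,
                                     "match": m.group(0)[:8] + "..."})
    return findings


def build_sample_artifact() -> bytes:
    """Constructed artifact: a build log that echoed the runtime token plus a packed .git/config."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("build.log", "compiled 12 files\nACTIONS_RUNTIME_TOKEN="
                    "eyJhbGciOiJSUzI1NiJ9.eyJzY3AiOiJBY3Rpb25zLlJlc3VsdHMifQ.c2lnbmF0dXJlLXBsYWNlaG9sZGVy\n")
        zf.writestr(".git/config", '[http "https://github.com/"]\n\textraheader = '
                    "AUTHORIZATION: basic eC1hY2Nlc3MtdG9rZW46Z2hzX0ZBS0VUT0tFTg==\n")
        zf.writestr("dist/app.txt", "hello\n")
    return buf.getvalue()
```

Run `scan_artifact` over the zip `actions/upload-artifact` would receive; a non-empty result is a reason to stop the upload step, and the `git_auth_header` case shows why a raw-token regex alone is not enough.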


News URL

https://thehackernews.com/2024/08/github-vulnerability-artipacked-exposes.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 3 40 30 15 88