A recently identified vulnerability in GitHub Actions artifacts, referred to as ArtiPACKED, poses significant risks to repository security and organizational cloud operations. This attack vector could allow malicious entities to gain unauthorized control over repositories and infiltrate cloud environments associated with these repositories.
The vulnerability results from a mix of misconfigurations and security flaws within GitHub Actions. According to Palo Alto Networks’ Unit 42, researcher Yaron Avital emphasized that artifacts, if improperly managed, could inadvertently expose sensitive tokens from both third-party cloud services and GitHub itself. This leakage enables anyone with read access to the repository to exploit these tokens, potentially compromising the services tied to these secrets.
Individuals and organizations utilizing GitHub Actions need to be particularly vigilant, as the leakage primarily involves GitHub tokens like GITHUB_TOKEN and ACTIONS_RUNTIME_TOKEN. These tokens not only grant unauthorized access to repositories but also pose risks of malicious modifications to code that could be deployed in production through continuous integration and continuous deployment (CI/CD) workflows.
Artifacts in GitHub are designed to facilitate data sharing during workflows and can remain accessible for up to 90 days after their creation. This includes various forms of data such as build outputs, log files, and deployment packages. For open-source projects, the inherent public accessibility of these artifacts increases their susceptibility to exploitation; attackers can easily extract secrets like GitHub access tokens from publicly available artifacts.
Notably, these artifacts have been known to leak an undocumented environment variable called ACTIONS_RUNTIME_TOKEN. With a temporary lifespan of approximately six hours, this token can be exploited to replace an artifact with a malicious version before it expires, thus opening a critical window for potential remote code execution. This vulnerability is particularly dangerous when developers download and execute the compromised artifact or when automated jobs trigger based on previously uploaded artifacts.
While the GITHUB_TOKEN itself expires at the end of its job, enhancements introduced in version four of the artifacts feature could enable attackers to take advantage of race conditions. By obtaining a token during an active workflow execution, malicious actors could create a new branch in the repository and push harmful code, as long as the pipeline is configured to allow "contents: write" permission.
It is crucial to recognize that GitHub tokens are not stored within repository code. Their exposure only occurs during a CI/CD pipeline, which subsequently allows unauthorized users to access tokens contained within uploaded artifacts and leverage them to inject malicious code into repositories.
Multiple open-source projects related to major cloud services, including those from Amazon Web Services, Google, Microsoft, Red Hat, and Ubuntu, have been identified as targets of this attack. GitHub has classified this issue as informational, urging users to enhance their security measures around artifact management.
In light of these findings, Avital stressed the importance of reassessing how organizations utilize GitHub’s artifact mechanism, particularly following the deprecation of Artifacts V3. Attention to often overlooked components such as build artifacts can be crucial, as they frequently become prime targets for cyber attackers.
This incident brings to light the urgency for business owners to adopt robust cybersecurity practices. Understanding potential tactics used in such attacks, as outlined in the MITRE ATT&CK Matrix, can aid organizations in preemptively defending against similar vulnerabilities. Tactics such as initial access, persistence, and privilege escalation may all be relevant in understanding and mitigating the risks associated with exposed GitHub Actions artifacts.
