- Sysdig exposed how a trusted GitHub feature can silently hand control to attackers
- pull_request_target isn’t just risky, it’s a loaded weapon in the wrong hands
- Even top-tier security projects like MITRE’s can fall to simple GitHub workflow misconfigurations
Experts have revealed several critical vulnerabilities in GitHub Actions workflows which could pose serious risks to some major open source projects.
A recent investigation by Sysdig’s Threat Research Team (TRT) has exposed how misconfigurations, particularly involving the pull_request_target trigger, could let attackers seize control over active repositories or extract sensitive credentials.
The team demonstrated this by compromising projects from well-known organizations such as MITRE and Splunk.
GitHub Actions is widely adopted in modern software development for its automation capabilities, but this convenience often hides security risks.
“Modern supply chain attacks frequently begin by abusing insecure workflows,” the report states, noting how secrets like tokens or passwords embedded in workflows can be exploited if improperly secured.
Despite available best practices and documentation, many repositories continue to use high-risk configurations, either from oversight or a lack of awareness.
At the core of the problem is the pull_request_target trigger, which runs workflows in the context of the main branch.
This setup grants elevated privileges, including access to GITHUB_TOKEN and repository secrets, to code submitted from forks.
While intended to facilitate pre-merge testing, this mechanism also allows execution of untrusted code, creating an attack surface that is easily overlooked.
The risks are not hypothetical, they are real.
In the Spotipy repository, which integrates with Spotify’s Web API, Sysdig discovered a setup where a crafted setup.py could execute code and harvest secrets.
In MITRE’s Cybersecurity Analytics Repository (CAR), attackers were able to execute arbitrary code by modifying dependencies.
Sysdig confirmed it was possible to take over the GitHub account associated with the project.
Even Splunk’s security_content repository had secrets like APPINSPECTUSERNAME and APPINSPECTPASSWORD exposed, despite the limited scope of the GITHUB_TOKEN.
Developers should reassess the use of pull_request_target, considering safer alternatives – Sysdig recommends separating workflows, using unprivileged checks first, and only allowing sensitive tasks after validation.
Limiting the capabilities of tokens and adopting real-time monitoring with tools like Falco Actions can also provide vital protection.
