Security researchers discovered a vulnerability in GitHub’s Actions feature. GitHub Actions artifacts are generated as part of organizations’ CI/CD workflows, and a combination of misconfigurations and security flaws can lead to artifact leakage of tokens.
Dubbed “ArtiPACKED,” this exploit leverages a race condition in GitHub’s artifact system, allowing attackers to compromise repositories and inject malicious code into widely used software.
The mishandling of GitHub tokens within workflow artifacts generated during CI/CD processes has led to a vulnerability. These artifacts, which are intended to store build outputs and test results, inadvertently captured sensitive tokens granting access to repositories.
This allows malicious actors with access to these artifacts the potential to compromise the services to which these secrets grant access.
Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot
While GitHub designed these tokens to expire quickly, a recent artifact system update created a narrow opportunity window for attackers.
“Subsequent workflow jobs often rely on previously uploaded artifacts. Cases of this kind open the door for remote code execution (RCE) on the runner that runs the job consuming the malicious artifact,” researchers said.
Exploiting this flaw, researchers demonstrated the ability to download artifacts containing active GitHub tokens before their expiration. In a proof-of-concept attack, they successfully created unauthorized branches in high-profile open-source projects, including those maintained by tech giants like Google, Microsoft, and Red Hat.
The impact of this vulnerability is far-reaching. Among the affected projects was Google’s firebase-js-sdk, a JavaScript package referenced by 1.6 million public projects. Ubuntu’s adsys tool, used for Active Directory integration in corporate environments, was also vulnerable.
Security experts warn that this exploit could potentially lead to remote code execution on CI/CD runners or even developer workstations. More alarmingly, attackers could push unreviewed code directly into repositories, bypassing normal security checks.
The researcher behind the discovery, working with Palo Alto Networks, developed a custom GitHub action called “upload-secure-artifact” to mitigate the risk. This tool scans artifacts for potential secret leaks before upload, adding an essential layer of security to the workflow process.
GitHub has classified the issue as “informational,” placing the responsibility on users to secure their artifacts. However, the security community argues that this response may be insufficient, given the widespread impact and the ease of exploitation.
As the open-source community grapples with this revelation, project maintainers are urged to review their GitHub Actions workflows, minimize permissions, and implement additional security measures.
“As this research shows, we have a gap in the current security conversation regarding artifact scanning. GitHub’s deprecation of Artifacts V3 should prompt organizations using the artifacts mechanism to reevaluate the way they use it.”
The report has been shared on GitHub’s bug bounty program. They classified the problem as informational, shifting the responsibility to users to secure the artifacts they upload.
Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Acces