Com TW NOw News 2024

GitHub vulnerability ‘ArtiPACKED’ exposes repositories to potential takeover

August 15, 2024 | Ravie Lakshmanan | Cloud Security / DevOps

A newly discovered attack vector in GitHub Actions artifacts, called ArtiPACKED, can be abused to take over repositories and gain access to organizations’ cloud environments.

“A combination of misconfigurations and vulnerabilities could cause tokens to be leaked, both from external cloud services and GitHub tokens, making them available to anyone with read permissions to the repository,” said Yaron Avital, a researcher at Palo Alto Networks Unit 42, in a report published this week.

“This could allow malicious actors with access to these artifacts to compromise the services to which these secrets provide access.”


According to the cybersecurity firm, leaks of GitHub tokens (e.g. GITHUB_TOKEN and ACTIONS_RUNTIME_TOKEN) were observed in particular. These leaks not only let attackers gain unauthorized access to the repositories, but also let them poison the source code and push it to production via CI/CD workflows.

Artifacts in GitHub allow users to share data between jobs in a workflow and retain that data for 90 days after the workflow has completed. This can include builds, logs, core dumps, test output, and deployment packages.

The security problem here is that in the case of open source projects, these artifacts are publicly available to anyone, making them a valuable resource for extracting secrets like GitHub access tokens.

In particular, the artifacts have been found to expose an undocumented environment variable named ACTIONS_RUNTIME_TOKEN. This variable has a lifetime of approximately six hours and can be used to replace an artifact with a malicious version before it expires.

This could then open an attack window for remote code execution when developers directly download and execute the tampered artifact, or when a subsequent workflow job is configured to run using previously uploaded artifacts.

GITHUB_TOKEN expires when the job completes, but changes to the artifacts feature in version 4 allow an attacker to exploit a race condition to steal and use the token by downloading an artifact while the workflow is still executing.


The stolen token can then be used to push malicious code to the repository by creating a new branch before the pipeline job ends and the token is invalidated. However, this attack relies on the workflow having the “contents: write” permission.
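One defensive check that follows from the description above, added here as an example (it is not code from the Unit 42 report or from GitHub): scan an artifact archive for token-shaped strings before a later job consumes it or it is published. The gh?_ prefix and JWT shape it matches on are assumptions, and the sample artifact is constructed.

```python
"""Scan a downloaded GitHub Actions artifact for leaked credentials before it is
trusted, re-used by a later job, or published. Added example, not code from the
Unit 42 report or from GitHub."""
import io
import re
import zipfile

# Assumed token shapes (the article does not state them): GitHub-issued tokens
# such as the Actions GITHUB_TOKEN carry a gh?_ prefix plus 36 base62 characters,
# and ACTIONS_RUNTIME_TOKEN is a JWT (three base64url segments joined by dots).
PATTERNS = {
    "github_token": re.compile(r"\bgh[posur]_[A-Za-z0-9]{36}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}"),
}


def scan_artifact(zip_bytes: bytes) -> list[dict]:
    """Return one finding per token-shaped match: member, line, kind, redacted value."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.namelist():
            if member.endswith("/"):  # directory entry, nothing to read
                continue
            # Logs, env dumps and even binaries are scanned as lossy text.
            text = zf.read(member).decode("utf-8", errors="ignore")
            for lineno, line in enumerate(text.splitlines(), start=1):
                for kind, pattern in PATTERNS.items():
                    for match in pattern.finditer(line):
                        value = match.group(0)
                        findings.append({"member": member, "line": lineno, "kind": kind,
                                         "redacted": value[:8] + "..." + value[-4:]})
    return findings


def build_sample_artifact() -> bytes:
    """Constructed artifact: a build log that echoed a token and an env dump holding
    ACTIONS_RUNTIME_TOKEN. Both values are fabricated placeholders, not real secrets."""
    fake_github_token = "ghs_" + "0123456789abcdefghijklmnopqrstuvwxyz"
    fake_jwt = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjb25zdHJ1Y3RlZCJ9.c2lnbmF0dXJlLXBsYWNlaG9sZGVy"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("build.log", "step 3: authenticating with " + fake_github_token + "\n")
        zf.writestr("env.txt", "HOME=/home/runner\nACTIONS_RUNTIME_TOKEN=" + fake_jwt + "\n")
        zf.writestr("dist/app.tar.gz", b"\x1f\x8b\x08\x00binary-blob")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_artifact(build_sample_artifact()):
        print(f"{f['member']}:{f['line']} {f['kind']} {f['redacted']}")
```

A non-empty result is a reason to fail the job that uploaded the artifact and to rotate the token, since anyone with read access to the repository could have downloaded the same archive.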

A number of open-source repositories related to Amazon Web Services (AWS), Google, Microsoft, Red Hat, and Ubuntu have been found to be vulnerable to the attack. GitHub, for its part, has categorized the issue as informational, requiring users to secure their uploaded artifacts themselves.

“GitHub’s deprecation of Artifacts V3 should prompt organizations using the artifact mechanism to reevaluate the way they use it,” Avital said. “Overlooked elements like build artifacts often become prime targets for attackers.”
