GitHub_MCVELIST:CVE-2023-49291CVE-2023-49291 Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N
EPSS
Percentile
56.4%
tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The tj-actions/branch-names GitHub Actions improperly references the github.event.pull_request.head.ref and github.head_ref context variables within a GitHub Actions run step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result an attacker can use this vulnerability to steal secrets from or abuse GITHUB_TOKEN permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CNA Affected
[
{
"vendor": "tj-actions",
"product": "branch-names",
"versions": [
{
"version": "< 7.0.7",
"status": "affected"
}
]
}
]References
github.com/tj-actions/branch-names/commit/4923d1ca41f928c24f1c1b3af9daaadfb71e6337
github.com/tj-actions/branch-names/commit/6c999acf206f5561e19f46301bb310e9e70d8815
github.com/tj-actions/branch-names/commit/726fe9ba5e9da4fcc716223b7994ffd0358af060
github.com/tj-actions/branch-names/security/advisories/GHSA-8v8w-v8xg-79rf
securitylab.github.com/research/github-actions-untrusted-input
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N
EPSS
Percentile
56.4%