GitHub PAT written to debug artifacts

🗓️ 24 Jan 2025 18:44:55Reported by GitHub Advisory DatabaseType

Debug artifacts from CodeQL Action may expose environment variables, including GITHUB_TOKEN secrets.

Reporter	Title	Published	Views	Family All 11
CNNVD	CodeQL Action 日志信息泄露漏洞	24 Jan 202500:00	–	cnnvd
CVE	CVE-2025-24362	24 Jan 202518:04	–	cve
Cvelist	CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts	24 Jan 202518:04	–	cvelist
EUVD	EUVD-2025-0198	3 Oct 202520:07	–	euvd
NVD	CVE-2025-24362	24 Jan 202518:15	–	nvd
OSV	CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts	24 Jan 202518:04	–	osv
OSV	GHSA-VQF5-2XX6-9WFM GitHub PAT written to debug artifacts	24 Jan 202518:44	–	osv
Positive Technologies	PT-2025-5344 · Github · Codeql Action +1	24 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-24362	23 May 202511:40	–	redhatcve
The Hacker News	⚡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Surge and More	7 Apr 202511:25	–	thn

Vulners

Node

github codeql-actionRange2.26.11–3.0.0actions

github codeql-actionRange3.26.11–3.28.2actions

Source	Link
github	www.github.com/github/codeql-action/security/advisories/GHSA-vqf5-2xx6-9wfm
github	www.github.com/github/codeql-cli-binaries/security/advisories/GHSA-gqh3-9prg-j95m
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-24362
github	www.github.com/github/codeql-action/pull/1074
github	www.github.com/github/codeql-action/pull/2482
github	www.github.com/github/codeql-action/commit/519de26711ecad48bde264c51e414658a82ef3fa
docs	www.docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/logs-not-detailed-enough
news	www.news.ycombinator.com/item
praetorian	www.praetorian.com/blog/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql
github	www.github.com/advisories/GHSA-vqf5-2xx6-9wfm

31 Mar 2025 21:55Current

7.2High risk

Vulners AI Score7.2

CVSS 47.1

EPSS0.00294

SSVC