3 matches found
GHSA-26WH-CC3R-W6PJ canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output
Impact Users using the github-token input are impacted. If the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the exception output, GitHub will automatically redact the secret from the GitHub Actions logs. However, the...
canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output
Impact Users using the github-token input are impacted. If the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the exception output, GitHub will automatically redact the secret from the GitHub Actions logs. However, the...
CVE-2025-31479 canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output
canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the excepti...