The 'Pwn Request' vulnerability in GitHub Actions exploits risky workflow triggers like pull_request_target, workflow_run, and issue_comment to allow attackers to inject malicious code via pull requests from forked repositories. Attackers can exfiltrate secrets, compromise repositories, and trigger supply chain attacks. The post explains how vulnerable workflows are set up, demonstrates the exploitation process with code examples, and outlines mitigation strategies including restricting permissions to least privilege, validating pull requests, disabling unnecessary triggers, and using security tools like StepSecurity for vulnerability scanning and credential exfiltration prevention.
Table of contents
What is a “Pwn Request”?Risky Triggers in GitHub Actions WorkflowsDemonstrating the "Pwn Request" VulnerabilityAnalysis of the VulnerabilityMitigation StrategiesHow StepSecurity Helps to Secure your WorkflowsConclusionSort: