
Cybersecurity researchers are highlighting an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using a continuous integration and continuous delivery (CI/CD) workflow.

The action, which tracks and retrieves all modified files and directories, is used in over 23,000 repositories.
The supply chain breach has been assigned CVE identifier CVE-2025-30066 (CVSS score: 8.6). The incident is believed to have occurred sometime before March 14, 2025.
“In this attack, the attackers modified the action code and retroactively updated several version tags to point to a malicious commit,” StepSecurity said in a statement. “The compromised action prints CI/CD secrets in GitHub Actions build logs.”

As a result, if the workflow logs of a repository running the action are exposed, the sensitive secrets printed in them could be disclosed to unauthorized parties.

These include AWS access keys, GitHub Personal Access Tokens (PATs), npm tokens, RSA private keys, and more. However, there is no evidence that secrets were leaked to any infrastructure controlled by the attackers.