9.8

CVE-2023-49291

Exploit

Improper Sanitization of Branch Name Leads to Arbitrary Code Injection

tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tj-actionsBranch-names Version < 7.0.0
Tj-actionsBranch-names Version >= 7.0.1 < 7.0.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.45% 0.699
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 9.3 3.9 4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/tj-actions/branch-names/commit/4923d1ca41f928c24f1c1b3af9daaadfb71e6337
Patch
https://github.com/tj-actions/branch-names/commit/6c999acf206f5561e19f46301bb310e9e70d8815
Patch
https://github.com/tj-actions/branch-names/commit/726fe9ba5e9da4fcc716223b7994ffd0358af060
Patch
https://github.com/tj-actions/branch-names/security/advisories/GHSA-8v8w-v8xg-79rf
Vendor Advisory
Exploit
https://securitylab.github.com/research/github-actions-untrusted-input
Third Party Advisory
Exploit