CodeQLEAKED – 公共秘密泄露导致对 GitHub CodeQL 的供应链攻击

Potential Supply Chain Attack on GitHub CodeQL: A publicly exposed secret for 1.022 seconds allowed attackers to execute code within GitHub Actions workflows using CodeQL. It could lead to various attacks like compromising intellectual property, stealing credentials, executing code on internal infrastructure, and compromising GitHub Actions secrets.
- How We Got Here: In January 2025, the researcher started three months of research on pushing the limits of public GitHub Actions exploitation.
- Secret Scanning: Built a simple Actions Artifacts Secret Scanner using Nosey Parker to find secrets in GitHub Actions workflow artifacts. It found a secret in a github/codeql-action repository artifact.
- Background: GitHub Actions is a CI/CD platform that uses GITHUB_TOKEN for authentication. Workflow artifacts are publicly accessible and can be used to store and share data. CodeQL is GitHub's code analysis engine.
- Finding the Token: The Actions Artifact Secrets Scanner found a GitHub App token in a "my-debug-artifacts" zip file.
- Investigating Impact: The token had full write privileges. Three conditions needed to be met for an attacker to abuse the token: write privileges, using V4 of the upload artifact API, and enough time to download and use the token.
- Start Your Engines: Made a Python script artifact_racer.py to test if the token could be used for nefarious purposes. It successfully retrieved the token and performed actions within the short time window.
- Executing the Proof of Concept: The racer created a branch, pushed a file, and added a tag in the github/codeql-action repository, proving the token's malicious use.
- Exponential Impact: Enabling CodeQL in a repository triggers a special workflow that executes actions in the github/codeql-action repository. An attacker could overwrite the v3 tag and exfiltrate source code.
- But Wait, There’s More: Default CodeQL action uses a GITHUB_TOKEN with read privileges but can conduct GitHub Actions cache poisoning by deploying Cacheract.
- CVE-2025-24362: A publicly exposed GITHUB_TOKEN led to this CVE. The issue was fixed in CodeQL Action version 3.28.3.
Remediation: GitHub responded rapidly by acknowledging the submission, confirming the vulnerability, disabling the relevant workflow, and publishing a security advisory. To limit secrets exposure, avoid uploading certain files and limit GITHUB_TOKEN permissions.
How Praetorian Can Help: Praetorian leads in offensive CI/CD security with tools like Chariot. Their CTEM platform can identify vulnerabilities, and CI/CD Security Assessments can assess internal security posture. You can create a free Chariot account or reach out for managed services.