akkem
Newcomer III

GitHub Actions Supply Chain Compromise - tj-actions

tj-actions/changed-files has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines.

 

https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromi...

https://www.upwind.io/feed/github-actions-supply-chain-compromise-tj-actions-changed-files-action

 

4 Replies
akkem
Newcomer III

We always recommend using a checksum or digest before deploying anything to a system. If you have verified the SHA value during installation to ensure you're using the correct version of tj-actions, then you are not compromised. Otherwise, regardless of the tag, all versions are vulnerable, as tags can be modified to push the same vulnerable code.
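A check a defender can run over workflow files, as an added example that is not part of akkem's post: it flags every `uses:` reference that is not pinned to a full 40-character commit SHA, the only form of reference a tag rewrite cannot move. The sample workflow and the placeholder SHA in it are constructed for illustration.

```python
"""Flag GitHub Actions references that are pinned to a mutable tag or branch.

Added example, not code from the thread. Assumes workflow files are read as
text; the sample workflow below is constructed and its SHA is a placeholder.
"""
import re

# Matches `uses: owner/repo[/path]@ref` lines; local (./path) and
# docker:// references carry no `@ref` and are skipped on purpose.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)", re.MULTILINE
)
# Only a full 40-hex commit SHA is immutable; short SHAs, tags and
# branches can all be re-pointed by whoever controls the repository.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

PLACEHOLDER_SHA = "a" * 40  # constructed placeholder, not a real commit

# Constructed sample: two tag pins, one branch pin, one full-SHA pin,
# one local action.
SAMPLE_WORKFLOW = f"""\
name: ci
on: [pull_request]
jobs:
  changed:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v46
      - uses: tj-actions/changed-files@{PLACEHOLDER_SHA}  # v46.0.1
      - uses: reviewdog/action-setup@master
      - uses: ./.github/actions/local-action
"""


def find_unpinned(workflow_text: str) -> list[tuple[str, str]]:
    """Return (action, ref) for every `uses:` not pinned to a full SHA."""
    return [
        (action, ref)
        for action, ref in USES_RE.findall(workflow_text)
        if not FULL_SHA_RE.match(ref)
    ]


if __name__ == "__main__":
    for action, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"UNPINNED  {action}@{ref}  (pin to a full commit SHA)")
```

Run it against each file under `.github/workflows/` to get the list of references that a compromised tag could redirect.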
Kyaw_Myo_Oo
Advocate I

This is very informative. Thank you for sharing your time and experience with us in this forum @akkem.

 

Kyaw Myo Oo
Information Security Program Manager , CB BANK PCL
CCIE #58769 | CISSP | PMP | CCSM | SAA-C03 | PCNSE
Caute_cautim
Community Champion

Hi All

 

A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have originated from an earlier breach of the “reviewdog/action-setup@v1” GitHub Action, according to a report.

 

Source: Cryptogram - Bruce Schneier

 

CISA confirmed the vulnerability has been patched in version 46.0.1.

Given that the utility is used by more than 23,000 GitHub repositories, the scale of potential impact has raised significant alarm throughout the developer community.

 

Regards

 

Caute_Cautim

 

 

akkem
Newcomer III

Supply chain and OAuth attacks are on the rise in GitHub, with a threat campaign targeting over 8,000 repositories with the goal of luring developers into granting full repository access. Mitiga’s researchers explain an active GitHub compromise and large-scale phishing campaign, along with providing recommendations for threat hunting and mitigation.
https://www.mitiga.io/blog/uncovering-hidden-threats-hunting-non-human-identities-in-github?utm_sour...