A compromised GitHub Action, tj-actions/changed-files, has been linked to a supply chain attack that allows bad actors to leak sensitive information from over 23,000 repositories. The security vulnerability, tracked as CVE-2025-30066, involved the injection of malicious Node.js code. This code downloads a Python script designed to scan the GitHub Runner's memory for credentials used in CI/CD pipelines. If exposed, these secrets can be read from publicly viewable build logs, with potentially severe impact on developers.
In a supply chain attack, a GitHub Action was compromised to leak secrets from public repositories, affecting over 23,000 repositories.
The malware modifies the GitHub Action to leak CI/CD secrets, posing a significant risk to developers using public workflows.
The compromised action outputs secrets into build logs, making them accessible to anyone if repositories are public, raising security concerns.
StepSecurity first identified the breach, revealing that attackers embedded malicious Node.js code to download scripts that compromise GitHub Runner's memory.
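As an added example (not from the original report or from StepSecurity), the following Python audit finds workflow steps that use tj-actions/changed-files and reports whether each one is referenced by a mutable tag or branch or by a full 40-character commit SHA. The sample workflow, its tag and its SHA are constructed; a SHA-pinned reference still has to be compared with the affected commits listed in the advisory for CVE-2025-30066, which this page does not give.

```python
import re

# Action named on the page as compromised.
TARGET_ACTION = "tj-actions/changed-files"

# A `uses:` step: owner/repo[/path]@ref, optionally quoted, optional trailing comment.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"@#]+)@([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text, target=TARGET_ACTION):
    """Return one finding per step in a workflow file that references `target`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a `uses:` step (or a commented-out one)
        action, ref = m.group(1), m.group(2)
        # Compare on owner/repo so sub-path references (owner/repo/path) also match.
        repo = "/".join(action.split("/")[:2]).lower()
        if repo != target:
            continue
        # Tags and branches can be repointed; only a full commit SHA is immutable.
        pinned = bool(FULL_SHA_RE.match(ref.lower()))
        findings.append({"line": lineno, "ref": ref, "pinned_to_sha": pinned})
    return findings


# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: changed files
        uses: tj-actions/changed-files@v1
      - uses: "tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567"  # constructed SHA
      # uses: tj-actions/changed-files@main
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        state = "pinned to commit SHA" if f["pinned_to_sha"] else "mutable ref (tag/branch)"
        print(f"line {f['line']}: {TARGET_ACTION}@{f['ref']} -> {state}")
```

Any repository that ran a flagged step while the action was compromised should treat the secrets available to that workflow as exposed, review the build logs, and rotate them.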