GitHub repositories were compromised, exposing install action tokens. Fortunately, these tokens had a limited 24-hour lifespan, which reduced the risk of widespread exploitation. Endor Labs found that other sensitive credentials, such as those for Docker, npm, and AWS, were also leaked. Many repositories, however, adhered to security best practices by referencing commit SHA values rather than mutable tags, which mitigated the potential damage. Despite the reduced impact, threat actors can still leverage GitHub Actions, so users are advised to implement stricter file and folder access controls to prevent similar incidents in the future.
Source: https://www.scworld.com/brief/github-action-supply-chain-attack-less-impactful-than-thought
"id": "git344032125",
"linkid": "github",
"type": "Breach",
"date": "3/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"