Spotify, Mitre and Splunk: Misconfigured GitHub Actions could leave repos and secrets exposed, Sysdig finds • DEVCLASS

GitHub Repositories at Risk: Sysdig Uncovers Critical Workflow Vulnerabilities

Sysdig researchers have identified a significant security risk in GitHub repositories, where improperly configured workflows could allow attackers to hijack projects by exploiting the pull_request_target event in GitHub Actions. Unlike the standard pull_request trigger—which runs in the context of a merge commit—pull_request_target executes in the base branch (typically the default branch) and has access to repository secrets and write permissions via the GITHUB_TOKEN.

The vulnerability arises when maintainers use pull_request_target to test untrusted code from public contributors, inadvertently exposing sensitive credentials. If misconfigured, attackers could inject malicious code, exfiltrate secrets, and gain elevated privileges within the repository.

Sysdig’s investigation revealed multiple affected projects, including:

  • Spotipy, an open-source Python library for the Spotify Web API, where researchers demonstrated the ability to execute malicious Python packages and steal the GITHUB_TOKEN. The flaw has since been patched.
  • Mitre’s cyber analytics repository, where attackers could exfiltrate the GITHUB_TOKEN and other secrets, potentially gaining full control. Mitre addressed the issue promptly.
  • Splunk’s security_content repository, where two secrets were exposed, though the extracted GITHUB_TOKEN had limited read-only access.

Stefano Chierici, Sysdig’s threat research lead, warned that the impact depends on the privileges of the extracted token. In severe cases, attackers could modify workflows, exfiltrate additional secrets, or alter files in the main branch—effectively taking over the repository. While pull_request_target can be used safely, its nuances require careful handling to avoid exploitation.

Sysdig has reported additional vulnerable repositories and is awaiting remediation before disclosing further details. The findings underscore the need for maintainers to audit their GitHub Actions workflows for potential misconfigurations.
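The audit the article calls for can be scripted. The checker below is an added example, not code from the DEVCLASS article or from Sysdig: it takes a workflow already parsed into a dict (what PyYAML's yaml.safe_load() returns) and flags the pattern described above, a pull_request_target trigger combined with a checkout of the pull request head followed by executed steps, plus a missing read-only permissions block. The sample workflows are constructed, and the set of head-ref expressions matched is an assumption.

```python
import re

# Expressions that resolve to the untrusted pull request head (assumption: the
# forms most likely to appear in a checkout step's `with: ref:`).
HEAD_REF_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref")

def triggers(workflow):
    """Return the set of event names a parsed workflow is triggered on."""
    # PyYAML follows YAML 1.1 and parses the bare key `on` as the boolean True.
    on = workflow.get("on", workflow.get(True, {}))
    if isinstance(on, str):
        return {on}
    return set(on) if isinstance(on, (list, dict)) else set()

def audit_workflow(workflow):
    """Return findings for the pull_request_target misuse pattern; [] means nothing flagged."""
    findings = []
    if "pull_request_target" not in triggers(workflow):
        return findings
    perms = workflow.get("permissions")
    if perms in (None, "write-all") or (isinstance(perms, dict) and "write" in perms.values()):
        findings.append("no read-only top-level `permissions` block: GITHUB_TOKEN may have write scopes")
    for job_name, job in workflow.get("jobs", {}).items():
        head_checked_out = False
        for step in job.get("steps", []):
            uses = str(step.get("uses", ""))
            ref = str((step.get("with") or {}).get("ref", ""))
            if uses.startswith("actions/checkout") and HEAD_REF_RE.search(ref):
                head_checked_out = True
                findings.append(f"job '{job_name}': checks out the untrusted PR head ({ref})")
            elif head_checked_out and ("run" in step or "uses" in step):
                findings.append(f"job '{job_name}': executes {step.get('run', step.get('uses'))!r} "
                                "with base-branch secrets after checking out the PR head")
    return findings

# Constructed sample workflows in the dict form yaml.safe_load() would return.
VULNERABLE = {
    "name": "CI", True: {"pull_request_target": {"types": ["opened", "synchronize"]}},
    "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4", "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
        {"run": "pip install -e . && pytest"}]}},
}
HARDENED = {
    "name": "CI", True: {"pull_request": None}, "permissions": {"contents": "read"},
    "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4"}, {"run": "pip install -e . && pytest"}]}},
}
```

To run it over a repository, call audit_workflow(yaml.safe_load(open(path))) for each file under .github/workflows/; the HARDENED sample returns no findings, the VULNERABLE one returns three.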

Source: https://devclass.com/2025/06/18/misconfigured-github-actions-could-leave-repos-and-secrets-exposed-sysdig-finds/

Spotify cybersecurity rating report: https://www.rankiteo.com/company/spotify

MITRE cybersecurity rating report: https://www.rankiteo.com/company/mitre

Splunk cybersecurity rating report: https://www.rankiteo.com/company/splunk

{
  "id": "SPOMITSPL1767777752",
  "linkid": "spotify, mitre, splunk",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{
  "affected_entities": [
    {"industry": "Technology/Software Development", "name": "Spotipy (Spotify Web API Python Library)", "type": "Open Source Project"},
    {"industry": "Cybersecurity/Defense", "name": "Mitre Cyber Analytics Repository", "type": "Open Source Project"},
    {"industry": "Technology/Cybersecurity", "name": "splunk/security_content", "type": "Open Source Project"}
  ],
  "attack_vector": "Misconfigured GitHub Actions workflows (pull_request_target)",
  "data_breach": {
    "data_exfiltration": "Yes (secrets were exfiltrated in proof-of-concept attacks)",
    "sensitivity_of_data": "High (secrets could lead to repository takeover)",
    "type_of_data_compromised": "Repository secrets (e.g., GITHUB_TOKEN), potentially other sensitive data"
  },
  "description": "Sysdig researchers warned that developers and maintainers could leave their GitHub repositories open to hijacking due to inadequately secured workflows, specifically the misuse of the pull_request_target trigger event in GitHub Actions. This flaw allows attackers to exfiltrate secrets, including the GITHUB_TOKEN, and gain elevated privileges within repositories.",
  "impact": {
    "brand_reputation_impact": "Potential reputational damage for affected projects and maintainers",
    "data_compromised": "Repository secrets (e.g., GITHUB_TOKEN), potentially other sensitive data",
    "operational_impact": "Potential repository takeover, unauthorized code modifications, and secret exfiltration",
    "systems_affected": "GitHub repositories with misconfigured workflows"
  },
  "initial_access_broker": {"entry_point": "Misconfigured GitHub Actions workflows (pull_request_target)"},
  "investigation_status": "Ongoing (additional findings to be disclosed after remediation)",
  "lessons_learned": "Maintainers must fully understand the security implications of GitHub Actions workflows, particularly pull_request_target, and use them with caution. Misconfigurations can lead to severe security risks, including repository takeover.",
  "post_incident_analysis": {
    "corrective_actions": "Fixing misconfigured workflows, reducing GITHUB_TOKEN permissions, and educating maintainers on secure workflow practices",
    "root_causes": "Misunderstanding of pull_request_target security implications, overprivileged GITHUB_TOKEN permissions, and lack of workflow audits"
  },
  "recommendations": [
    "Audit GitHub Actions workflows for insecure use of pull_request_target",
    "Limit GITHUB_TOKEN permissions to the minimum required",
    "Use pull_request_target only when absolutely necessary and with proper safeguards",
    "Monitor for unauthorized access or modifications to workflows"
  ],
  "references": [{"source": "Sysdig Research"}],
  "response": {
    "containment_measures": "Flaws were fixed by the respective maintainers (Spotify, Mitre, Splunk)",
    "remediation_measures": "Correcting misconfigured GitHub Actions workflows to prevent secret exfiltration",
    "third_party_assistance": "Sysdig researchers assisted in identifying and reporting vulnerabilities"
  },
  "title": "GitHub Repositories Vulnerable to Hijacking via Insecure pull_request_target Workflows",
  "type": "Supply Chain Attack",
  "vulnerability_exploited": "Insecure use of pull_request_target in GitHub Actions workflows"
}