GitHub Actions flaw
- Tenable flagged a GitHub Actions workflow flaw in Microsoft's public Windows-driver-samples repository.
- The flaw could allow attackers to run code and exfiltrate secrets by triggering vulnerable workflows via public issues.
- This incident highlights CI/CD, reusable actions, and issue-triggered workflows as critical attack surfaces for engineering teams (itbrief.co.nz).
GitHub Actions is the automation layer that builds, tests, and ships code after a repository event, and Tenable said one workflow in Microsoft’s public Windows-driver-samples repo let outsiders turn an issue into code execution. (tenable.com)

Tenable said the vulnerable workflow was `tag-codeowner-on-issue.yml`, which took `github.event.issue.body` and pasted it directly into an inline Python script on the runner. In GitHub’s model, the runner is the temporary machine that executes the workflow. (tenable.com) (docs.github.com)

The bug worked like a text-injection attack: an attacker could open a public issue, add triple quotes to break out of a Python string, and inject new Python code. Tenable said that code could exfiltrate secrets available to the run and perform unauthorized operations in the repository. (tenable.com)

GitHub’s own documentation warns that issue bodies, issue titles, pull request bodies, branch names, and similar event fields should be treated as untrusted input because they can be interpreted as code on the runner. GitHub Security Lab has also described this pattern as a common workflow-injection class in Actions. (docs.github.com) (github.blog)

The repository is not obscure. GitHub’s public listing for Windows-driver-samples shows about 5,000 forks, 7,700 stars, and more than 1,100 commits, and Microsoft Learn points developers to that repo for Windows 11 driver samples. (github.com) (learn.microsoft.com)

That matters because Actions jobs often run with `GITHUB_TOKEN`, the built-in token GitHub creates for each job to call the GitHub API. GitHub says the token’s permissions can include write access unless maintainers reduce them, so a workflow bug can become a repository-control problem, not just a crashed build. (docs.github.com) (github.blog)

Tenable’s disclosure timeline says it reported the issue to Microsoft on February 24, 2026, Microsoft confirmed the behavior on March 13, and Microsoft confirmed the fix on March 30 after a pull request landed in the repository. GitHub’s workflow history shows PR #1355 merged on March 13, 2026. (tenable.com) (github.com)

GitHub has spent the past two years pushing maintainers to tighten this class of workflow, including guidance to avoid interpolating untrusted input directly into `run:` blocks and to scan workflows with CodeQL. In a January 2025 post updated on February 4, 2026, GitHub said it had helped secure more than 75 workflows and disclosed more than 90 vulnerabilities in open-source projects. (github.blog 1) (github.blog 2)

Microsoft’s patch closed this case, but the mechanics are the part other engineering teams will recognize: a public issue, an inline script, a privileged token, and a runner that trusted the wrong text. (tenable.com) (docs.github.com)
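The pattern above, and the fix GitHub's guidance describes, as an added example that is not Tenable's, Microsoft's, or GitHub's code: two constructed workflow snippets (an unsafe one that pastes `github.event.issue.body` into an inline Python script, and a hardened one that passes the same value through `env:` and scopes `GITHUB_TOKEN` with a `permissions:` block), plus a small line-based scanner that flags untrusted event expressions inside `run:` blocks. The snippets are illustrations of the pattern, not the contents of `tag-codeowner-on-issue.yml`, and the scanner is a simple stand-in for the CodeQL workflow checks GitHub recommends, not a replacement for them.

```python
import re
from dataclasses import dataclass
from typing import List

# Event fields GitHub's docs treat as attacker-controlled (issue/PR/comment
# bodies and titles, branch names). A regex stand-in for CodeQL's checks.
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{[^}]*\bgithub\.(?:"
    r"event\.(?:issue|pull_request|comment|review|discussion)\.[\w.]+"
    r"|head_ref)\b[^}]*\}\}"
)
RUN_KEY = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")
BLOCK_SCALARS = {"|", ">", "|-", ">-", "|+", ">+"}


@dataclass
class Finding:
    line: int        # 1-based line number in the workflow file
    expression: str  # the ${{ ... }} expression found inside a run: block
    snippet: str     # the offending line, stripped


def find_run_injections(workflow_text: str) -> List[Finding]:
    """Flag untrusted ${{ }} expressions interpolated into run: blocks.

    GitHub expands ${{ }} in run: *before* the shell or inline interpreter
    sees the text, so quoting inside the script cannot help. The same
    expression under env: is handed to the process as data instead.
    """
    findings: List[Finding] = []
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        key_indent = len(m.group(1))
        body = [(i, m.group(2))]  # single-line form: run: <command>
        if m.group(2).strip() in BLOCK_SCALARS:
            body = []  # block scalar: collect every deeper-indented line
            j = i + 1
            while j < len(lines) and (
                not lines[j].strip()
                or len(lines[j]) - len(lines[j].lstrip()) > key_indent
            ):
                body.append((j, lines[j]))
                j += 1
            i = j
        else:
            i += 1
        for lineno, text in body:
            for em in UNTRUSTED_EXPR.finditer(text):
                findings.append(Finding(lineno + 1, em.group(0), text.strip()))
    return findings


def declares_permissions(workflow_text: str) -> bool:
    """True if the workflow scopes GITHUB_TOKEN with a permissions: block."""
    return any(re.match(r"^\s*permissions:", ln) for ln in workflow_text.splitlines())


# Constructed illustration of the unsafe pattern (not Microsoft's real file):
# the issue body lands inside a Python string literal in a run: heredoc.
VULNERABLE_WORKFLOW = """\
on:
  issues:
    types: [opened]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Read the issue body inside an inline script
        run: |
          python3 - <<'EOF'
          body = '''${{ github.event.issue.body }}'''
          print(len(body.splitlines()))
          EOF
"""

# Hardened form: same value passed as an environment variable (data), and an
# explicit permissions block so GITHUB_TOKEN is not write-capable by default.
HARDENED_WORKFLOW = """\
on:
  issues:
    types: [opened]
permissions:
  contents: read
  issues: write
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - env:
          ISSUE_BODY: ${{ github.event.issue.body }}
        run: |
          python3 - <<'EOF'
          import os
          body = os.environ.get("ISSUE_BODY", "")
          print(len(body.splitlines()))
          EOF
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        hits = find_run_injections(text)
        print(f"{label}: {len(hits)} run: injection(s), "
              f"permissions declared: {declares_permissions(text)}")
        for f in hits:
            print(f"  line {f.line}: {f.expression} in `{f.snippet}`")
```

Running it reports one finding for the constructed unsafe workflow (the `body = '''...'''` line) and none for the hardened one, which also passes the `permissions:` check. The scanner deliberately ignores the same expression under `env:`, because that is the mitigation GitHub's documentation recommends: the runner receives the issue body as an environment variable rather than as program text.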