Status
Fixed: This vulnerability has been remediated in the following Pull Request:
#1487
IMPACT: This did not affect the CLI, but rather the build process on the GitHub runner. No need for our users to upgrade.
High-level Overview
A critical vulnerability existed in the SDKMAN! CLI project’s GitHub Actions CI workflow. The workflow was configured to run on the pull_request_target event but executed untrusted code from fork pull requests with elevated privileges.
Specifically, the workflow checked out the Pull Request's head commit and executed the Gradle wrapper (./gradlew). This allowed a malicious pull request author to execute arbitrary shell commands on the GitHub Actions runner with the permissions of the base repository.
Exact Component Affected
-
Repository: sdkman/sdkman-cli
-
File: .github/workflows/pull-requests.yml
-
Trigger: pull_request_target
-
Vulnerable Command:
./gradlew clean test --info
Root Cause Analysis
The vulnerability stemmed from the combination of a privileged trigger and the execution of untrusted scripts.
- The workflow used
pull_request_target, which provides the runner with a read/write GITHUB_TOKEN and access to repository secrets (if defined).
- The workflow explicitly checked out the untrusted code from the fork (the PR head).
- It then executed
./gradlew. Since gradlew is a shell script located within the repository, a fork PR author could modify this script to include malicious commands.
- Because the script ran in the context of the base repository, these malicious commands executed with write privileges.
Impact
This configuration allowed for Full Repository Takeover.
An attacker could:
- Achieve Remote Code Execution (RCE) on the CI runner.
- Access the repository's
GITHUB_TOKEN with "contents: write" permissions.
- Push malicious commits, create new branches, or modify releases without authorization.
- Potentially exfiltrate repository secrets if they were exposed to the environment.
Proof of Concept
We successfully demonstrated this vulnerability by submitting a Pull Request that modified the gradlew script to execute arbitrary system commands.
Evidence of Exploitation:
Reporter
Barak Haryati | JFrog
This research was conducted as part of JFrog’s Open Source and Supply Chain Security Contribution efforts. 🐸
Status
Fixed: This vulnerability has been remediated in the following Pull Request:
#1487
IMPACT: This did not affect the CLI, but rather the build process on the GitHub runner. No need for our users to upgrade.
High-level Overview
A critical vulnerability existed in the SDKMAN! CLI project’s GitHub Actions CI workflow. The workflow was configured to run on the
pull_request_targetevent but executed untrusted code from fork pull requests with elevated privileges.Specifically, the workflow checked out the Pull Request's head commit and executed the Gradle wrapper (
./gradlew). This allowed a malicious pull request author to execute arbitrary shell commands on the GitHub Actions runner with the permissions of the base repository.Exact Component Affected
Repository: sdkman/sdkman-cli
File: .github/workflows/pull-requests.yml
Trigger: pull_request_target
Vulnerable Command:
./gradlew clean test --info
Root Cause Analysis
The vulnerability stemmed from the combination of a privileged trigger and the execution of untrusted scripts.
pull_request_target, which provides the runner with a read/writeGITHUB_TOKENand access to repository secrets (if defined)../gradlew. Sincegradlewis a shell script located within the repository, a fork PR author could modify this script to include malicious commands.Impact
This configuration allowed for Full Repository Takeover.
An attacker could:
GITHUB_TOKENwith "contents: write" permissions.Proof of Concept
We successfully demonstrated this vulnerability by submitting a Pull Request that modified the
gradlewscript to execute arbitrary system commands.Evidence of Exploitation:
RCE Confirmation (Arbitrary Command Execution):
https://github.com/sdkman/sdkman-cli/actions/runs/20078680298/job/57599839599?pr=1486#step:4:8
Accessing Git Configuration:
https://github.com/sdkman/sdkman-cli/actions/runs/20078680298/job/57599839599?pr=1486#step:4:21
Unauthorized Branch Creation (Demonstrating Write Access):
Reporter
Barak Haryati | JFrog
This research was conducted as part of JFrog’s Open Source and Supply Chain Security Contribution efforts. 🐸