Skip to content

SDKMAN! CLI GitHub Actions Pull Request Workflow Remote Code Execution Vulnerability

Critical
marc0der published GHSA-cprm-c872-3fw7 Dec 24, 2025

Package

SDKMAN REPO

Affected versions

0.0

Patched versions

None

Description

Status

Fixed: This vulnerability has been remediated in the following Pull Request:
#1487

IMPACT: This did not affect the CLI, but rather the build process on the GitHub runner. No need for our users to upgrade.

High-level Overview

A critical vulnerability existed in the SDKMAN! CLI project’s GitHub Actions CI workflow. The workflow was configured to run on the pull_request_target event but executed untrusted code from fork pull requests with elevated privileges.

Specifically, the workflow checked out the Pull Request's head commit and executed the Gradle wrapper (./gradlew). This allowed a malicious pull request author to execute arbitrary shell commands on the GitHub Actions runner with the permissions of the base repository.

Exact Component Affected

  • Repository: sdkman/sdkman-cli

  • File: .github/workflows/pull-requests.yml

  • Trigger: pull_request_target

  • Vulnerable Command:

    ./gradlew clean test --info

Root Cause Analysis

The vulnerability stemmed from the combination of a privileged trigger and the execution of untrusted scripts.

  • The workflow used pull_request_target, which provides the runner with a read/write GITHUB_TOKEN and access to repository secrets (if defined).
  • The workflow explicitly checked out the untrusted code from the fork (the PR head).
  • It then executed ./gradlew. Since gradlew is a shell script located within the repository, a fork PR author could modify this script to include malicious commands.
  • Because the script ran in the context of the base repository, these malicious commands executed with write privileges.

Impact

This configuration allowed for Full Repository Takeover.
An attacker could:

  1. Achieve Remote Code Execution (RCE) on the CI runner.
  2. Access the repository's GITHUB_TOKEN with "contents: write" permissions.
  3. Push malicious commits, create new branches, or modify releases without authorization.
  4. Potentially exfiltrate repository secrets if they were exposed to the environment.

Proof of Concept

We successfully demonstrated this vulnerability by submitting a Pull Request that modified the gradlew script to execute arbitrary system commands.

Evidence of Exploitation:

Reporter

Barak Haryati | JFrog

This research was conducted as part of JFrog’s Open Source and Supply Chain Security Contribution efforts. 🐸

Severity

Critical

CVE ID

No known CVE

Weaknesses

No CWEs

Credits