GitHub Action Secrets Vulnerable to Token Exploitation
New research reveals that exposed GitHub Personal Access Tokens are providing attackers with a direct path into enterprise cloud environments.
Date: Dec 10, 2025
A recent study highlights a critical vulnerability where GitHub Action Secrets, widely assumed to be secure, are being exploited. Attackers leverage exposed Personal Access Tokens (PATs) to gain unauthorized access to private repositories, which often contain sensitive cloud service provider credentials. This access allows them to move laterally into cloud environments, impersonate developers, and execute malicious code, making traditional security measures less effective. Enterprises must adopt robust strategies, including stringent access controls, regular token rotation, and enhanced monitoring, to mitigate these evolving threats and protect their cloud infrastructure from compromise.
GitHub Action Secrets Under Attack: A New Threat to Cloud Security
Many organizations depend on GitHub Action Secrets for safeguarding sensitive data like credentials, API keys, and tokens integral to their Continuous Integration/Continuous Delivery (CI/CD) workflows. These private repositories are commonly believed to offer a secure, locked-down environment for critical information. However, new research indicates that this trust is being exploited, opening a critical vulnerability in enterprise cloud security.
Recent findings from the Wiz Customer Incident Response Team reveal that malicious actors are exploiting exposed GitHub Personal Access Tokens (PATs) to breach GitHub Action Secrets. This allows them to infiltrate cloud environments and wreak havoc. The presence of these secrets within repositories is identified as a fundamental problem, as cloud service provider access keys are incredibly valuable and can persist for extended periods, making them prime targets for attackers.
The implications of such breaches are significant, affecting a vast number of organizations that rely on GitHub for their development and deployment pipelines. The ease with which attackers can leverage PATs to gain deep access underscores a pressing need for improved security postures. This evolving threat landscape necessitates a re-evaluation of current security practices and a shift towards more proactive defense mechanisms to protect sensitive data and cloud infrastructure.
The Illusion of Secrecy: How PATs Compromise GitHub Actions
A substantial majority, approximately 73%, of organizations with private repositories that use GitHub Action Secrets store cloud service provider (CSP) credentials in them. This widespread practice creates a critical exposure point when Personal Access Tokens (PATs) are compromised. PATs are essential for developers and automated systems to interact with GitHub repositories and workflows, but once stolen they become a potent entry point for attackers to move laterally into CSP control planes.
Erik Avakian, a technical counselor at Info-Tech Research Group, describes PATs as a "powerful springboard." He explains that a compromised PAT grants attackers a virtual backstage pass into a company's cloud environments, allowing them to impersonate legitimate developers. With a valid PAT, threat actors can perform numerous actions within GitHub, directly leading to access in AWS, Azure, GCP, or other cloud services, because GitHub trusts the PAT as if it belongs to the genuine developer.
Once inside, attackers can meticulously search various repositories and workflows for any information hinting at cloud access. This includes configuration items, scripts, and hidden secrets. Gaining access to actual cloud credentials essentially hands them the "keys to the company's AWS bucket, Azure subscriptions, and other workflows." This level of access enables them to deploy new cloud resources, access databases, exfiltrate source code, install malware such as crypto miners, inject malicious workflows, or even pivot to other cloud services. They can also establish persistent access mechanisms to ensure future returns. Avakian warns that at this stage, virtually anything a legitimate user can do in the cloud, the attacker can also achieve. The perceived safety of private repositories often misleads developers, who might believe these environments are inherently secure, a notion that is clearly contradicted by these findings.
Evading Detection and Sustaining Access
One of the most alarming aspects of this vulnerability is the ease with which attackers can evade detection. Wiz's research indicates that a threat actor with basic read permissions, obtained via a compromised PAT, can use GitHub's API code search to locate secret names embedded within a workflow's YAML code, typically found as ${{ secrets.NAME }} references. This method of secret discovery is particularly dangerous because search API calls are not logged, making it exceedingly difficult to monitor or detect.
Furthermore, GitHub-hosted Actions run from GitHub-managed resources, which utilize legitimate, shared IP addresses. These addresses are not typically flagged as malicious, allowing attackers to operate under the radar. By abusing secrets and impersonating workflow origins, attackers can exploit trust and potentially access other resources if code is misconfigured or reused across different workflows. This also enables them to maintain persistent access to the system, ensuring long-term compromise.
The threat escalates significantly if the exploited PAT possesses write permissions. In such scenarios, attackers can execute arbitrary malicious code and subsequently remove evidence by deleting workflow logs, runs, pull requests, and created branches (isolated copies of a codebase used for development experimentation). Since workflow logs are infrequently streamed into Security Information and Event Management (SIEM) platforms, these malicious activities can go largely unnoticed. Additionally, a developer's PAT with access to a GitHub organization makes all associated private repositories vulnerable. Wiz's research highlights that 45% of organizations store plain-text cloud keys privately, in stark contrast to the mere 8% found in public repositories. This statistic reinforces the dangerous misconception among developers that a private repository automatically equates to a safe one, a belief that is actively being exploited by cybercriminals.
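The two findings in this section (secret names sit in workflow YAML as ${{ secrets.NAME }} references, and plaintext cloud keys are committed to private repositories) suggest a defender-side check: inventory which secrets each workflow references and flag committed credential patterns before an attacker holding a read-only PAT finds them. The following Python script is an added example, not code from the article, from Wiz or from GitHub. The repository layout, file contents and sample key values are constructed for the demonstration, and the regular expressions (AKIA/ASIA-prefixed AWS access key IDs, a GCP service-account private_key field, an AZURE_CLIENT_SECRET assignment) are illustrative heuristics, not an exhaustive secret detector.

```python
"""Added example: inventory GitHub Actions secret references and flag plaintext
cloud keys in a repository checkout. Not from the article or from Wiz; the
sample repository written below is constructed."""
import os
import re
import tempfile
from pathlib import Path

# ${{ secrets.NAME }} references as they appear in workflow YAML.
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")

# Plaintext cloud-credential indicators (constructed heuristics, not exhaustive).
PLAINTEXT_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "gcp_service_account_key": re.compile(r'"private_key"\s*:\s*"-----BEGIN'),
    "azure_client_secret_assignment": re.compile(
        r"(?i)\bAZURE_CLIENT_SECRET\s*[=:]\s*['\"]?[A-Za-z0-9~._-]{20,}"),
}

SKIP_DIRS = {".git", "node_modules"}


def secret_references(repo: Path) -> dict[str, list[str]]:
    """Map each secret name referenced under .github/workflows to the files using it."""
    refs: dict[str, list[str]] = {}
    wf_dir = repo / ".github" / "workflows"
    if not wf_dir.is_dir():
        return refs
    for path in sorted(wf_dir.iterdir()):
        if path.suffix not in (".yml", ".yaml"):
            continue
        rel = str(path.relative_to(repo))
        for name in SECRET_REF.findall(path.read_text(encoding="utf-8", errors="replace")):
            files = refs.setdefault(name, [])
            if rel not in files:
                files.append(rel)
    return refs


def plaintext_cloud_keys(repo: Path) -> list[tuple[str, int, str]]:
    """Return (relative path, line number, indicator) for lines resembling committed cloud credentials."""
    findings = []
    for root, dirs, files in os.walk(repo):
        dirs[:] = [d for d in dirs if d not in SKIP_DIRS]
        for fname in files:
            path = Path(root) / fname
            try:
                lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
            except OSError:
                continue
            for lineno, line in enumerate(lines, 1):
                for label, pattern in PLAINTEXT_PATTERNS.items():
                    if pattern.search(line):
                        findings.append((str(path.relative_to(repo)), lineno, label))
    return sorted(findings)


def build_sample_repo(base: Path) -> Path:
    """Write a constructed repository tree: two workflows, one committed key, one service-account file."""
    wf = base / ".github" / "workflows"
    wf.mkdir(parents=True)
    (wf / "deploy.yml").write_text(
        "name: deploy\non: push\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n"
        "    steps:\n      - run: ./deploy.sh\n        env:\n"
        "          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}\n"
        "          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n")
    (wf / "test.yml").write_text(
        "name: test\non: pull_request\njobs:\n  test:\n    runs-on: ubuntu-latest\n"
        "    steps:\n      - run: make test\n        env:\n"
        "          TOKEN: ${{ secrets.AWS_ACCESS_KEY_ID }}\n")
    (base / "config.env").write_text(
        "# constructed sample: a committed plaintext key (not a real credential)\n"
        "AWS_ACCESS_KEY_ID=AKIAEXAMPLE0000000AB\n")
    (base / "creds.json").write_text(
        '{\n  "type": "service_account",\n'
        '  "private_key": "-----BEGIN PRIVATE KEY-----\\nREDACTED\\n-----END PRIVATE KEY-----\\n"\n}\n')
    (base / "README.md").write_text("nothing sensitive here\n")
    return base


def run_demo() -> dict:
    """Build the constructed sample repository in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        repo = build_sample_repo(Path(d))
        return {"secret_refs": secret_references(repo), "plaintext": plaintext_cloud_keys(repo)}


if __name__ == "__main__":
    result = run_demo()
    for name, files in result["secret_refs"].items():
        print(f"secret {name} referenced in: {', '.join(files)}")
    for rel, lineno, label in result["plaintext"]:
        print(f"plaintext credential indicator {label} at {rel}:{lineno}")
```

The secret inventory is the list an organization would review when deciding which workflow secrets are cloud keys that should be removed from GitHub; the plaintext findings are the committed credentials the article says belong to the "private means safe" misconception. Point the two functions at a real checkout instead of the constructed tree to use them for that review.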
Fortifying Defenses: Strategies for Enterprise Leaders
To effectively counter these sophisticated threats, enterprise leaders must re-evaluate their security strategies for GitHub and cloud environments. Erik Avakian emphasizes that Personal Access Tokens (PATs) should be treated with the same rigorous security protocols applied to any other privileged credentials. This includes implementing a "zero trust" approach for cloud infrastructure and development environments, utilizing micro-segmentation and robust privileged user management to contain potential breaches and prevent lateral movement.
A critical recommendation involves managing the lifecycle of tokens. Like other credentials, tokens are most secure when they have reasonable expiration dates. Implementing token expiration, regular rotation, and the use of short-lived credentials are essential practices that can significantly thwart these types of risks. Additionally, Avakian advises adopting the principle of least privilege, granting accounts only the necessary rights rather than an "admin everything" approach. More importantly, organizations should move sensitive cloud secrets out of GitHub workflows entirely and ensure comprehensive monitoring and log review processes are in place. These measures are crucial for flagging any unexpected workflow or cloud creation events that could indicate malicious activity.
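The monitoring and log review advice above can be made concrete as review logic over exported audit events, which is what catches the behaviours the earlier section says go unnoticed when workflow logs never reach a SIEM. The script below is an added example, not from the article, from Wiz or from GitHub. Its event records are constructed and only loosely modelled on GitHub audit-log exports (an action name such as git.clone or workflows.delete_workflow_run, an actor, a repository and a timestamp), with timestamps simplified to epoch seconds; the actor dev-bob stands in for a developer identity being driven through a stolen PAT. It flags two of the patterns the article describes: deletion of workflow runs (evidence removal) and one identity cloning many distinct repositories within a short window (the broad repository search that a compromised PAT enables).

```python
"""Added example: review audit-log-style events for the behaviours the article
describes. The event schema and action names are assumed, modelled on GitHub
audit-log exports; the events themselves are constructed."""
from collections import defaultdict

# Actions that erase workflow evidence (assumed name, modelled on GitHub's audit log).
EVIDENCE_REMOVAL_ACTIONS = {"workflows.delete_workflow_run"}

# Constructed sample events: "@timestamp" is epoch seconds for readability.
SAMPLE_EVENTS = [
    {"@timestamp": 1000, "action": "git.clone", "actor": "dev-alice", "repo": "acme/web"},
    {"@timestamp": 1060, "action": "git.push", "actor": "dev-alice", "repo": "acme/web"},
    {"@timestamp": 2000, "action": "git.clone", "actor": "dev-bob", "repo": "acme/infra"},
    {"@timestamp": 2010, "action": "git.clone", "actor": "dev-bob", "repo": "acme/billing"},
    {"@timestamp": 2030, "action": "git.clone", "actor": "dev-bob", "repo": "acme/web"},
    {"@timestamp": 2045, "action": "git.clone", "actor": "dev-bob", "repo": "acme/mobile"},
    {"@timestamp": 2500, "action": "workflows.delete_workflow_run", "actor": "dev-bob", "repo": "acme/infra"},
    {"@timestamp": 9000, "action": "git.clone", "actor": "dev-alice", "repo": "acme/infra"},
]


def detect(events, window=600, repo_threshold=3):
    """Return alerts for evidence removal and for broad repository access.

    Broad access means one actor cloning at least `repo_threshold` distinct
    repositories within `window` seconds, evaluated as a sliding window over
    that actor's clone events. One alert per actor, with the union of the
    repositories seen in qualifying windows.
    """
    alerts = []
    clones_by_actor = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        if ev["action"] in EVIDENCE_REMOVAL_ACTIONS:
            alerts.append({"rule": "evidence_removal", "actor": ev["actor"],
                           "repo": ev["repo"], "at": ev["@timestamp"]})
        elif ev["action"] == "git.clone":
            clones_by_actor[ev["actor"]].append(ev)

    for actor, clones in clones_by_actor.items():
        alert = None
        start = 0
        for end, ev in enumerate(clones):
            # Advance the window start until the span fits inside `window` seconds.
            while ev["@timestamp"] - clones[start]["@timestamp"] > window:
                start += 1
            repos = {c["repo"] for c in clones[start:end + 1]}
            if len(repos) < repo_threshold:
                continue
            if alert is None:
                alert = {"rule": "broad_repo_access", "actor": actor,
                         "repos": sorted(repos), "first_seen": ev["@timestamp"]}
                alerts.append(alert)
            else:
                alert["repos"] = sorted(set(alert["repos"]) | repos)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Both rules are deliberately simple so the thresholds can be tuned against an organization's own baseline: a release engineer may legitimately clone many repositories, so the window and repository count should be set from observed normal activity, while a workflow-run deletion is rare enough in most teams to warrant review every time.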
David Shipley of Beauceron Security advocates for a multi-pronged strategy that includes robust monitoring, instant response plans, and rigorous developer training. He stresses that developer training must be reinforced with "meaningful consequences" for non-compliance, fostering a strong security culture within development teams. Shipley highlights that organizations cannot simply purchase a technological solution for this cultural aspect of the problem. He underscores the escalating sophistication of cybercriminals, stating that organizations have no choice but to invest in these areas or face severe financial repercussions. Shipley also strongly advises against blindly trusting GitHub repositories. He recommends that enterprises actively identify and remediate any cloud secrets currently residing in their repositories, replacing them immediately, and ceasing the addition of new ones. While the current threat landscape is challenging, Shipley notes a silver lining: the increased effort required by criminals is a testament to the success of multi-factor authentication (MFA) and improved general security awareness. This indicates that criminals are now compelled to penetrate deeper levels, which ironically signifies progress in overall cybersecurity efforts.