The GitHub Security Lab team has identified a potential security vulnerability in Home Assistant's GitHub Actions.
Summary
The home-assistant/actions helpers/version workflow is vulnerable to a command injection in GitHub Actions, potentially allowing an attacker to leak secrets and alter the repository using the workflow.
Credit
This issue was discovered and reported by GHSL team members @jorgectf (Jorge) and @p- (Peter Stöckli).
GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-179