Summary
The pr-e2e.yml workflow is vulnerable to command injection attacks because of using an untrusted event.comment.body field.
Details
Line 140: MESSAGE="${{ github.event.comment.body }}"
PoC
Assigning the value of the issue comment body to any-body"; echo hacked can lead to command injection.
Impact
Since the permission is not restricted, the attacker has a write-access to the repository.
igibek Reporter
aashish-19 Remediation developer
Summary
The pr-e2e.yml workflow is vulnerable to command injection attacks because of using an untrusted event.comment.body field.
Details
Line 140:
MESSAGE="${{ github.event.comment.body }}"PoC
Assigning the value of the issue comment body to
any-body"; echo hackedcan lead to command injection.Impact
Since the permission is not restricted, the attacker has a write-access to the repository.