Firms Potentially Exposed to Supply Chain Compromise Attack via New Class of GitHub CI/CD Attack, PoC Available

Thousands of public GitHub repositories are vulnerable to a newly discovered malicious code injection.
Github logo

Thousands of public GitHub repositories are vulnerable to a newly discovered malicious code injection via self-hosted GitHub Actions runners, which could lead to high-impact attacks, leading to potential disruption to large-scale organizations, according to a recently released news report.

Furthermore, threat actors have specifically targeted GitHub repositories recently, demonstrating clear intent and capability, while the new malicious code injection method enhancing both capability and potential impact.

Threat Assessment

RH-ISAC assesses that at the current proof-of-concept stage and given the ability to easily mitigate the attack via simple configuration changes in GitHub settings, this newly discovered CI/CD attack remains a significant threat only to members who utilize self-hosted runners to operate. Members who do operate any runners in GitHub should prioritize disabling the default configuration in GitHub settings listed below. RH-ISAC will review and research this threat as it relates to our members and will update accordingly should any of this information change. 

Technical Details

In the technical report, the attack, specifically known as a continuous integration and continuous delivery/continuous deployment (CI/CD) attack, can be launched if a GitHub repository has self-hosted runners attached. A self-hosted runner is a system that users can deploy and manage to execute specific tasks directly on In this attack, a self-hosted runner attached to a repository can be used by any workflow running in that repository, and this also applies to workflows from fork pull requests, which could run malicious code contained in a pull request.

In scenario, according to the researcher, an attacker who discovers a targeted repository of interest, can then check whether it has a self-hosted runner attached and use a fork pull request to become a contributor to that repository, which would then allow them to run workflows on the runner without requiring approval. The workflows can lead to the injection of malicious code and disruption of services at the malicious user’s activation.

Using this attack flow, the researcher gained persistent access to GitHub’s own actions/runner-images repository, which contains workflows for building Windows and MacOS runner images, allowing the researcher to infect those images with malicious code.

Applicational Feasibility and Potential Community Impact

Potential attackers could adopt and propagate this novel technique to infect sensitive repositories and cause damage and disruption during critical operation periods. As of publication, this attack remains in proof-of-concept stage, and no attacks have been observed utilizing this new CI/CD technique in the wild.

However, given the widespread use of GitHub repositories to store and manage repositories by several RH-ISAC core members (and the potential high value of data stored in repositories), organizations should review the recommendations below and apply where applicable in their security environment.


  • Change the default GitHub setting of “Require approval for first-time contributors” to “Require approval for all outside collaborators”.
  • Attackers can still attempt to conduct CI/CD attacks by deceiving a user into clicking the approve button manually, but that has a much lower chance of success and would require ingenuity on part of the attacker in order to obfuscate their injection payload among a much larger legitimate user pull request.


More Recent Blog Posts