gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-04-28 12:03:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

gh cache

Browse Source
This commit is contained in:
Carlos Polop
2026-01-18 12:49:25 +01:00
parent df0aaa9a31
commit a65ebe2aea
2 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pentesting-ci-cd/github-security/abusing-github-actions/README.md
View File

@@ -481,6 +481,7 @@ GitHub exposes a cross-workflow cache that is keyed only by the string you suppl
- Cache entries are shared across workflows and branches whenever the `key` or `restore-keys` match. GitHub does not scope them to trust levels.
- Saving to the cache is allowed even when the job supposedly has read-only repository permissions, so “safe” workflows can still poison high-trust caches.
- Official actions (`setup-node`, `setup-python`, dependency caches, etc.) frequently reuse deterministic keys, so identifying the correct key is trivial once the workflow file is public.
- Restores are just zstd tarball extractions with no integrity checks, so poisoned caches can overwrite scripts, `package.json`, or other files under the restore path.
**Mitigations**
@@ -806,4 +807,3 @@ An organization in GitHub is very proactive in reporting accounts to GitHub. All
{{#include ../../../banners/hacktricks-training.md}}