Full Report
The compromised version of tj-actions/changed-files injects malicious code into CI workflows, potentially capturing and exposing secrets from affected repositories. On public repositories, the secrets would then be visible to everyone as part of the workflow logs, though obfus...
Analysis Summary
# Incident Report: Supply Chain Compromise via `tj-actions/changed-files`
## Executive Summary
A critical supply chain attack was identified where the popular GitHub Action `tj-actions/changed-files` was compromised to inject malicious code into CI/CD workflows. This code harvested secrets from affected repositories and embedded them directly into workflow execution logs, primarily on public repositories, resulting in potential widespread secret exposure. The incident was traced back through a dependency chain potentially involving the `reviewdog/action-setup` action and was mitigated by removing the offending commits.
## Incident Details
- Discovery Date: March 15, 2025 (Approximate, based on takedown date)
- Incident Date: Compromise likely initiated around March 11, 2025, via dependency chain.
- Affected Organization: N/A (Open-source GitHub Actions ecosystem)
- Sector: Technology/Software Development (CI/CD)
- Geography: Global (GitHub Users)
## Timeline of Events
### Initial Access
- Date/Time: On or around March 11, 2025
- Vector: Supply Chain Compromise (Dependency Confusion/Malicious Commit)
- Details: The suspected root cause was the compromise of the `reviewdog/action-setup` GitHub Action, where the `v1` tag was temporarily pointed to a malicious commit containing the payload. This compromised action was then utilized by `tj-actions/eslint-changed-files`, which was in turn executed by the primary target, `tj-actions/changed-files`.
### Lateral Movement
- Details: Not applicable in a traditional sense; the attack vector was the CI/CD execution environment itself, where the malicious code within the Action executed within the context of the target repository's workflow runner using its allocated secrets (e.g., GitHub PAT).
### Data Exfiltration/Impact
- Date/Time: During workflow execution by affected users.
- Details: The injected malicious code captured workflow secrets, encoded them in Base64 (obfuscated as double-encoded Base64), and embedded these secrets directly into the workflow logs generated by the runner.
### Detection & Response
- Date/Time: Around 10:30 AM UTC, March 15, 2024 (Takedown)
- Details: The affected repository (`tj-actions/changed-files`) was taken down. Upon investigation, the malicious payload was discovered to modify the `install.sh` script rather than using external exfiltration (like `curl`). Secrets were observed leaking only within the affected repository logs; no external exfiltration to attacker-controlled C2 observed.
## Attack Methodology
- Initial Access: Supply chain injection via dependency pointer manipulation in a downstream action (`reviewdog/action-setup`).
- Persistence: Not specified, as the compromise was active during the workflow execution time.
- Privilege Escalation: Not explicitly detailed, but the action runs with the permissions granted to the workflow secret (e.g., GitHub PAT).
- Defense Evasion: Obfuscating secrets using double-encoded Base64 within existing workflow logging mechanisms.
- Credential Access: Harvesting secrets available to the running workflow environment.
- Discovery: N/A (Direct execution via compromised dependency).
- Lateral Movement: N/A (Targeted execution within CI/CD jobs).
- Collection: Capturing environment variables/secrets available during the workflow run.
- Exfiltration: Embedding collected secrets directly into the workflow standard output/logs.
- Impact: Exposure of sensitive secrets to anyone viewing the public workflow logs.
## Impact Assessment
- Financial: Unknown.
- Data Breach: Potential exposure of GitHub Personal Access Tokens (PATs), deployment credentials, or other secrets configured in CI workflows. Exposure confirmed within workflow logs of affected repositories. No external exfiltration observed.
- Operational: CI/CD pipelines relying on this action were compromised, requiring immediate review and secret rotation.
- Reputational: Significant reputational damage to the affected open-source projects due to supply chain failure. (Vulnerability tracked as CVE-2025-30066).
## Indicators of Compromise
- Behavioral indicators: Workflows unexpectedly writing large amounts of Base64-encoded strings to logs.
- File indicators: Modifications to scripts like `install.sh` within the action's execution context to include secret harvesting logic.
## Response Actions
- Containment: The offending repository (`tj-actions/changed-files`) was taken down approximately at 10:30 AM UTC, March 15, 2024.
- Eradication: Offending commits were removed, and the repository was restored.
- Recovery actions: Users were urged to audit their workflows and rotate any secrets exposed within historical workflow logs.
## Lessons Learned
- Dependency Chains are Critical: A compromise several layers deep in a dependency chain can impact widely used software (e.g., Action A relying on Action B, which relies on Action C).
- Trust Boundaries in CI/CD: CI/CD environments operate with high levels of trust, and secrets harvested here are directly exposed if logging is compromised.
- Cache Risk: Even after removal, cached versions of the malicious action could still pose a risk until cleaned or hardened builders are used.
## Recommendations
- Implement hardened runner environments (e.g., ephemeral, non-cached environments) for running external/untrusted code.
- Utilize tools for scanning dependencies and monitoring for changes in repository tags (especially pointing to new commits).
- Enforce strict secrets management policies, ensuring secrets critical enough to require rotation are never viewable in logs, even if obfuscated.
- Review and rotate all secrets associated with repositories that utilized the compromised action between the compromise date (approx. March 11) and the takedown date (March 15).