JFrog Open Source Security Contribution – Critical Vulnerability in Meshery GitHub Actions Workflow


Barak Haryati

Dec 7, 2025, 8:55:02 AM
to secu...@meshery.dev
Hello Meshery Team,

🐸🐸 JFrog Open Source Security Contribution 🐸🐸

As part of JFrog’s ongoing Open Source Security initiative, I am
reporting a critical security issue in your GitHub Actions workflows.
The vulnerability allows untrusted PR code to run inside a trusted
pull_request_target context with access to sensitive secrets, leading
to a potential full repository compromise.

________________________________

🚨 Security Issue

Your workflow uses:

pull_request_target

and explicitly checks out attacker-controlled code:

ref: ${{ github.event.pull_request.head.sha }}

This means the workflow runs with:

The base repository's permissions

The base repository's secrets

The PR author’s code (fork-controlled)

The workflow then executes attacker-controlled logic through:

make ui-build

make server

make test-e2e-ci

During the E2E stage, the job exposes several sensitive secrets to
attacker-controlled code:

REMOTE_PROVIDER_TEST_USER_EMAIL

REMOTE_PROVIDER_TEST_USER_PASS

REMOTE_PROVIDER_TEST_USER_TOKEN

MESHERY_CI (a privileged GitHub token)

Although paths-ignore includes Makefile, this does not prevent
exploitation. The workflow will still run if the attacker modifies any
non-ignored file, allowing code execution through npm scripts, Go
code, or Makefile targets.

________________________________

🔥 Impact

A malicious PR author or compromised fork can:

Execute arbitrary code in your CI environment

Exfiltrate provider credentials

Exfiltrate MESHERY_CI, enabling direct pushes or workflow tampering

Potentially compromise downstream users (supply-chain risk)

This is a high/critical severity issue due to the combination of
pull_request_target, untrusted code execution, and exposed secrets.

________________________________

🧪 Proof of Concept

A working example demonstrating the vulnerability:

https://github.com/meshery/meshery/actions/runs/20004600192/job/57364903509?pr=16596#step:4:61

This run shows PR-controlled code executing inside a trusted context
where secrets were available.


BR,
Barak Haryati

I will be happy to open a bug after you fix it.
Thank you

--
You received this message because you are subscribed to the Google Groups "Meshery Security and Vulnerability Reports" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security+u...@meshery.dev.
To view this discussion visit https://groups.google.com/a/meshery.dev/d/msgid/security/CABx_TAQQE6zL5-WN5Wb2ofp5Xs4XFQ5t_L5_WdJzDQyWVdvk1g%40mail.gmail.com.
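As an added example (not the report's code and not Meshery's workflow), here is a dependency-free Python scanner for the exact combination the report describes: a pull_request_target trigger, an actions/checkout step whose ref: points at the PR head, and secrets.* references reachable from the same job. The three workflow texts are constructed for the example; the vulnerable one is modeled on the trigger, checkout ref, make targets and secret names the report lists, not copied from the repository, and the job names and the label-pr.sh script are placeholders. The paths-ignore entry is kept in the sample because, as the report notes, it does not stop the job from running when other files change, so the scanner deliberately ignores it when rating severity.

```python
# Line-oriented audit for pull_request_target + untrusted checkout. Added example,
# not the project's code; avoids PyYAML on purpose so it runs anywhere. Triage aid only.
import re

# Constructed sample modeled on the report's description; not Meshery's actual file.
VULNERABLE_WORKFLOW = """\
name: e2e
on:
  pull_request_target:
    paths-ignore:
      - 'Makefile'
jobs:
  e2e:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make ui-build && make server && make test-e2e-ci
        env:
          REMOTE_PROVIDER_TEST_USER_EMAIL: ${{ secrets.REMOTE_PROVIDER_TEST_USER_EMAIL }}
          REMOTE_PROVIDER_TEST_USER_PASS: ${{ secrets.REMOTE_PROVIDER_TEST_USER_PASS }}
          REMOTE_PROVIDER_TEST_USER_TOKEN: ${{ secrets.REMOTE_PROVIDER_TEST_USER_TOKEN }}
          MESHERY_CI: ${{ secrets.MESHERY_CI }}
"""

# Constructed: pull_request_target kept for a base-branch task that never checks out PR code.
SAFE_TARGET_WORKFLOW = """\
on:
  pull_request_target:
jobs:
  label:
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/label-pr.sh
"""

# Constructed: untrusted code runs under plain pull_request (fork PRs get no secrets there).
HARDENED_WORKFLOW = """\
on:
  pull_request:
jobs:
  e2e:
    steps:
      - uses: actions/checkout@v4
      - run: make test-e2e-ci
"""

TRIGGER_RE = re.compile(r"\bpull_request_target\b")
CHECKOUT_RE = re.compile(r"\buses:\s*actions/checkout")
# ref: values the PR author controls (head SHA or head branch name)
UNTRUSTED_REF_RE = re.compile(
    r"\bref:.*(github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref)"
)
SECRET_RE = re.compile(r"secrets\.([A-Za-z0-9_]+)")


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def find_untrusted_checkouts(text):
    """1-based line numbers of ref: lines that check out PR-controlled code."""
    lines = text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        if not CHECKOUT_RE.search(line):
            continue
        # Keys of a step ("with:", "ref:") sit two columns right of its list dash.
        key_indent = _indent(line) + (2 if line.lstrip().startswith("- ") else 0)
        for j in range(i + 1, len(lines)):
            nxt = lines[j]
            if not nxt.strip():
                continue
            if _indent(nxt) < key_indent:  # left the step: next "- " item or end of list
                break
            if UNTRUSTED_REF_RE.search(nxt):
                hits.append(j + 1)
                break
    return hits


def audit_workflow(text):
    """Rate one workflow file. Secrets count only when untrusted code can reach them."""
    trigger = bool(TRIGGER_RE.search(text))
    untrusted = find_untrusted_checkouts(text) if trigger else []
    secrets = sorted(set(SECRET_RE.findall(text))) if untrusted else []
    if untrusted and secrets:
        severity = "critical"  # trusted context + attacker code + named secrets
    elif untrusted:
        severity = "high"      # GITHUB_TOKEN alone is still write-capable here
    else:
        severity = "none"
    return {
        "uses_pull_request_target": trigger,
        "untrusted_checkout_lines": untrusted,
        "secrets": secrets,
        "severity": severity,
    }


if __name__ == "__main__":
    for name, wf in [("vulnerable", VULNERABLE_WORKFLOW), ("safe_target", SAFE_TARGET_WORKFLOW),
                     ("hardened", HARDENED_WORKFLOW)]:
        print(name, audit_workflow(wf))
```

Run it over a checkout of any repository with a loop over .github/workflows/*.yml and it reports, per file, whether the trigger is present, which ref: line hands control to the PR author, and which secrets are named. Plain pull_request_target with a default (base) checkout is rated "none" because the code that runs is the base branch's own; the severity jumps only when the PR head is checked out, which is the step the report identifies.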

Lee Calcote

Dec 7, 2025, 8:56:36 AM
to ian.r....@gmail.com, Meshery Maintainers
Hi Ian, 

Is this one that you would like to dig through?

- Lee

Begin forwarded message:

From: Barak Haryati <barak...@gmail.com>
Date: December 7, 2025 at 7:55:04 AM CST
To: secu...@meshery.dev
Subject: JFrog Open Source Security Contribution – Critical Vulnerability in Meshery GitHub Actions Workflow

Hello Meshery Team,
--
Visit and engage with the Meshery community in the forum at http://discuss.meshery.io or in Slack at https://slack.meshery.io.
---
You received this message because you are subscribed to the Google Groups "Meshery Maintainers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to maintainers...@meshery.io.
To view this discussion visit https://groups.google.com/a/meshery.io/d/msgid/maintainers/CABx_TAQQE6zL5-WN5Wb2ofp5Xs4XFQ5t_L5_WdJzDQyWVdvk1g%40mail.gmail.com.

Barak Haryati

Dec 9, 2025, 9:45:38 AM
to secu...@meshery.dev

Lee Calcote

Dec 10, 2025, 9:22:31 AM
to Barak Haryati, secu...@meshery.dev, Meshery Maintainers
Barak,

Thank you for filing this report. We acknowledge it and have it queued for consideration.

In the meantime, your public reporting of this prior to maintainers having addressed the concern is irresponsible and undesirable. Please desist from such behavior in future reports.

Thank you,
Lee Calcote



'Lee Calcote' via Meshery Security and Vulnerability Reports

Dec 10, 2025, 10:42:26 PM
to Meshery Maintainers, secu...@meshery.dev
Team,

This vulnerability report is not what it seems. It is likely a social engineering attack.

- email (below)
- this was the second time this “user” opened a PR against our repo (first time here)

I will be reporting this abuse to GitHub.

Separately, we should continue our discussion and attempt to improve our project’s security posture here

- Lee

Begin forwarded message:

From: Barak Haryati <barak...@gmail.com>
Subject: Re: [meshery-maintainers] JFrog Open Source Security Contribution – Critical Vulnerability in Meshery GitHub Actions Workflow
Date: December 10, 2025 at 8:43:49 AM CST
To: Lee Calcote <lee.c...@layer5.io>

Hi Lee,
You are right here.
We missed the security advisory and sent it as a PR as part of an open-source contribution.
I'm very sorry about that.
It's strongly recommended to disable it as soon as possible.

'Lee Calcote' via Meshery Security and Vulnerability Reports

Dec 10, 2025, 11:19:23 PM
to Meshery Maintainers, secu...@meshery.dev
Team,

On the subject of improving Meshery’s security posture, here is a helpful reference - https://openssf.org/blog/2024/08/12/mitigating-attack-vectors-in-github-workflows/

- Lee
