GitHub PAT Leak: Attack Chain Widens

2025-04-15

Security researchers at Wiz found that attackers compromised reviewdog/action-setup@v1 (its v1 tag was altered to run malicious code in consuming workflows) and used it to steal a GitHub Personal Access Token (PAT). That stolen PAT was then used to tamper with tj-actions/changed-files, turning one compromised action into a much wider incident. This was not an isolated case: several other GitHub Actions maintained by the same developer, including reviewdog/action-shellcheck, are potentially affected. GitHub and the reviewdog maintainers have since cleaned up the compromised action, but Wiz warns that as long as compromised versions remain in use and exposed secrets are not rotated, attackers could reuse what they already hold to launch a repeat attack through tj-actions/changed-files.
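The practical check that follows from this is to audit every workflow for the actions involved and for any action referenced by a mutable tag (such as @v1), since a tag can be repointed at malicious code while a full commit SHA cannot. The script below is an added example, not code from Wiz, reviewdog or tj-actions. It scans workflow YAML with a regular expression (no PyYAML needed) and reports each `uses:` entry. Treating the entire reviewdog/ and tj-actions/ namespaces as suspect is this example's own choice, since the page names only three specific actions; the sample workflow and the 40-hex SHA in it are constructed placeholders, not real commits. Pinning is a fix for the next attack, not this one: secrets that were exposed to a compromised action still have to be rotated.

```python
import re

# Owners named in the incident write-up. Flagging the whole namespace rather than
# only reviewdog/action-setup, reviewdog/action-shellcheck and tj-actions/changed-files
# is an assumption of this example, justified by "other actions by the same maintainer".
SUSPECT_OWNERS = ("reviewdog", "tj-actions")

# Matches "uses: owner/repo[/path]@ref"; list dash and quoting are optional.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^@\s"\']+)@([^\s"\'#]+)', re.MULTILINE)
# A full 40-hex commit SHA is the only immutable way to reference an action.
SHA_RE = re.compile(r'[0-9a-f]{40}')


def audit_workflow(yaml_text):
    """Return one finding per risky `uses:` entry in a workflow file.

    level 'critical': suspect owner and mutable ref (tag or branch)
    level 'review'  : suspect owner pinned to a SHA (confirm the SHA is a known-good commit)
    level 'warn'    : any other action on a mutable ref
    SHA-pinned actions from other owners produce no finding.
    """
    findings = []
    for match in USES_RE.finditer(yaml_text):
        action, ref = match.group(1), match.group(2)
        if action.startswith("docker://"):
            continue  # container actions are outside this check
        owner = action.split("/", 1)[0]
        pinned = SHA_RE.fullmatch(ref) is not None
        suspect = owner in SUSPECT_OWNERS
        if suspect and not pinned:
            level = "critical"
        elif suspect:
            level = "review"
        elif not pinned:
            level = "warn"
        else:
            continue
        findings.append({"action": action, "ref": ref, "pinned": pinned, "level": level})
    return findings


# Constructed sample workflow; the SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: reviewdog/action-setup@v1
      - uses: reviewdog/action-shellcheck@v1
        with:
          level: warning
      - name: changed files
        uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-helper
"""


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{finding['level']:9} {finding['action']}@{finding['ref']}")
```

To run it against a real repository, read each file under `.github/workflows/` and pass its contents to `audit_workflow`; anything reported as `critical` should be removed or repinned to a reviewed commit SHA, and any secret that workflow could reach should be rotated regardless of what the scan says.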