Try JFrog
Guides
Contact SupportTry JFrog
  1. advanced-security
  2. Misconfigurations Scans

GitHub Actions Workflow Scanner: Pwn-Request Detection

This scanner, available as part of JFrog Advanced Security, detects the "Pwn-Request" vulnerability in GitHub Actions workflows.

What Is a Pwn-Request?

A GitHub workflow that runs on pull_request_target and checks out the pull request code may be vulnerable to GitHub Actions code injection. An attacker can open a pull request from a forked repository and include malicious code that executes within the workflow's context. Depending on the workflow's permissions and environment, the attacker's code may perform unauthorized or harmful actions.

What Is the Risk?

An attacker may exploit the workflow to access sensitive data available in the workflow's environment, such as API keys or other secrets. Additionally, if the workflow has write permissions to the repository, the attacker may be able to modify the project by pushing malicious code.

What Are The Conditions for a Vulnerable Workflow?

This attack pattern requires two conditions to be present simultaneously in a workflow definition:

  1. The workflow uses the pull_request_target trigger (which runs with the target repo's privileges).
  2. The workflow checks out the PR's head code (untrusted, attacker-controlled code) and runs it in that privileged context.

How Does the Scanner Work?

The scanner performs static analysis on GitHub Actions workflow YAML files and flags a vulnerable configuration (all must be true to flag):

  1. The workflow YAML has a pull_request_target trigger.

  2. A step using actions/checkout sets its ref to the PR head (github.event.pull_request.head.sha, github.head_ref, or refs/pull/.../merge), meaning untrusted code from the PR fork would get checked out at runtime.

  3. No known mitigation is in place (any one of these marks the workflow as safe):

    1. Fork restriction: The workflow definition contains a condition that would prevent execution when the PR originates from a fork, either at the workflow level or on every job. This makes the checkout safe since an attacker cannot submit code from a fork.
    2. Trusted actor restriction: The workflow definition contains a condition that would restrict execution to trusted bots (like dependabot or renovate), either at the workflow level or on every job. Such bots are considered safe, so checking out code from their pull requests should not trigger an alert.

Updated about 12 hours ago