Recent findings by cybersecurity experts have brought to light a significant vulnerability within CI/CD workflows, posing a threat to open-source supply chains. The issue, identified by Novee Security and named Cordyceps, highlights a critical pattern allowing unauthorized individuals to manipulate these workflows, impacting many major global companies.
Vulnerability Overview
Dubbed Cordyceps, this flaw can potentially enable attackers to gain control over repositories without needing special access. Elad Meged, a key engineer at Novee Security, emphasized that even users with basic, free accounts could exploit this flaw to forge approvals, inject code, or compromise credentials.
Analyzing around 30,000 high-impact repositories, the penetration-testing team discovered over 300 susceptible to full exploitation. This could lead to unauthorized code execution, theft of credentials, and broader supply chain disruptions, which might have severe downstream repercussions.
Implications of Weak CI/CD Configurations
The root cause of this vulnerability is attributed to weak configurations in CI/CD systems, allowing pull requests more permissions than necessary. Typically, pull requests are intended to integrate code changes, but if untrusted, they can trigger privileged workflows, potentially resulting in command injection and privilege escalation.
Novee Security explained that these vulnerabilities are embedded in the basic structure of open-source frameworks, often escaping detection by traditional scanners. They emphasize that the real threat stems from untrusted data breaching security boundaries that remain unmonitored.
Case Studies and Industry Response
Several instances have highlighted the risks associated with this vulnerability. For instance, a comment on a pull request in Microsoft’s Azure Sentinel could allow unauthorized execution of code, potentially leading to the theft of a GitHub App key. Similarly, a pull request in Google’s AI Agent Development Kit could grant complete control over a Google Cloud repository.
Other noted cases include Apache Doris and Cloudflare Workers SDK, where specific pull requests could execute malicious commands. The Python Software Foundation’s Black was also found vulnerable to unauthorized code execution by any pull request, threatening the integrity of their systems.
Following these discoveries, companies such as Microsoft and Google have acknowledged the impact, while entities like Cloudflare, Python, and Apache have implemented necessary hardening measures and patches to address the vulnerabilities.
Elad Meged stressed that these vulnerabilities are pervasive, capable of spreading rapidly among repositories, effectively allowing attackers to manipulate workflows silently across some of the largest corporations worldwide.
