Hacking

Experts found potential remote code execution in PyPI

A flaw in the GitHub Actions workflow for PyPI ’s source repository could be exploited to potentially execute arbitrary code on pypi.org.

Security researcher RyotaK disclosed three flaws in PyPI, the most severe one could potentially lead to the compromise of the entire PyPI infrastructure.

Python Package Index (PyPI) is the official third-party software repository for Python. PyPI as an index allows users to search for packages by keywords or by filters against their metadata, such as free software license or compatibility with POSIX.

The flaw affects the combine-prs.yml workflow in pypa/warehouse, which includes the current source code of PyPI.

This workflow allows to collect pull requests that have branch names starting with dependabot and merge them into a single pull request.

The workflow fails to verify the pull request author, this means that anyone could create a pull request with a specific name and have the workflow to process it.

The workflow did not verify the pull request author, anyone could create a pull request with a specific name and have the workflow to process it. RyotaK pointed out that it is still not possible to execute code because the workflow only combines pull requests and the result is reviewed by a human operator that could detect and discard any malicious code.

RyotaK discovered a flaw in the code used for printing branch lists of pull requests, the issue could be exploited to execute commands and leak GitHub Access Token with write permission against the pypa/warehouse repository.

“In this line, combine-prs.yml prints branch lists of pull requests by using the following code. It’s a simple echo command, which looks fine at first glance, but it’s not safe due to the GitHub Actions’ behavior.” states the expler

run: |
  echo "${{steps.fetch-branch-names.outputs.result}}"

“Because this workflow used actions/checkout, .git/config contains secrets.GITHUB_TOKEN, which has the write permissions. So, by executing commands like cat .git/config, it’s possible to leak GitHub Access Token with write permission against the pypa/warehouse repository. As described above, if someone pushed changes to the main branch, it’ll trigger the automatic deployment to pypi.org.”

Once an attacker has obtained write permission to the repository, it will be able to execute arbitrary code on pypi.org.

Below the step by step procedure to execute arbitrary codes on pypi.org:

  1. Fork pypa/warehouse
  2. In forked repository, create a branch named dependabot;cat$IFS$(echo$IFS'LmdpdA=='|base64$IFS'-d')/config|base64;sleep$IFS'10000';#4
  3. Add harmless modification to the created branch
  4. Create a pull request with a harmless name (e.g.: WIP)
  5. Wait for combine-prs.yml to be executed
  6. A GitHub Access Token that has the write permissions against pypa/warehouse will be leaked, so add an arbitrary modification to the main branch
  7. Modified codes will be deployed to pypi.org

The expert reported this vulnerability to Python’s security team that fixed it.

In an update provided on 31 July, the researcher @mrtc0 explained that the attack procedure above doesn’t work. RyotaK agreed and provided the following procedure:

attack procedure.

  1. Fork pypa/warehouse
  2. Find a branch that starts with dependabot in pypa/warehouse
  3. In forked repository, add a harmless modification to the branch that you found in step 2
  4. Create a pull request named `;github.auth().then(auth=>console.log(auth.token.split("")))//
  5. Wait for combine-prs.yml to be executed
  6. A GitHub Access Token that has the write permissions against pypa/warehouse will be leaked, so add an arbitrary modification to the main branch
  7. Modified codes will be deployed to pypi.org

The vulnerability discovered by the expert could have a significant impact to the Python ecosystem, the expert highlighted the risks of supply chain attacks.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, PyPI )

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…

3 hours ago

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

7 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

21 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

2 days ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

This website uses cookies.