Dedupe GitHub Action Issue Comment Triggered Code Execution Vulnerability
Vulnerability
A critical vulnerability has been identified in the Dedupe GitHub repository, specifically in the 'benchmark-bot.yml' workflow. The workflow runs on the 'issue_comment' trigger and reacts to comments whose body contains '@benchmark'. Because it then checks out the branch corresponding to the issue number, it can execute untrusted code from a pull request on a runner that holds the workflow's 'GITHUB_TOKEN'. That token has write permissions on most scopes, in particular 'contents', so its exfiltration could result in a repository takeover.
Impact
Exploitation of this vulnerability yields arbitrary code execution on the GitHub Actions runner. This could be used to extract the 'GITHUB_TOKEN', whose write permission on repository contents would allow a takeover of the repository.
Reproduction
To reproduce this vulnerability, trigger the 'issue_comment' event in the 'benchmark-bot.yml' workflow by mentioning '@benchmark' in the comment. This will execute the workflow with the 'GITHUB_TOKEN' that has write permissions on repository contents. Once the workflow is running, inject a malicious Python package that can be executed during the 'Install dependencies' step. This package could, for example, open a reverse shell and extract the 'GITHUB_TOKEN'.
Remediation
The vulnerability has been fixed in commit 3f61e79. It is recommended to avoid checking out untrusted code from pull requests unless absolutely necessary, and to minimize the permissions of the 'GITHUB_TOKEN' in workflows (for example, by declaring a read-only 'permissions' block at the workflow or job level).
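The pattern behind this advisory (an 'issue_comment' trigger, a checkout of a pull-request-controlled ref, and a later step that runs code from that checkout while 'GITHUB_TOKEN' keeps write access) can be detected mechanically across a repository's workflows. The following linter is an added example and is not the Dedupe project's code or its fix; it operates on workflow dictionaries as PyYAML's 'safe_load' would produce them, and the two sample workflows, the trigger list and the command patterns are constructed for illustration, modelled on the description above rather than copied from 'benchmark-bot.yml'.

```python
"""Lint GitHub Actions workflows for the "untrusted checkout under a privileged trigger" pattern.

Input is the dict that `yaml.safe_load(open(".github/workflows/x.yml"))` returns
(PyYAML is not imported here so the example runs offline on the embedded samples).
"""
import re

# Triggers whose runs carry the base repository's GITHUB_TOKEN while reacting
# to events that outsiders can create (constructed list, not exhaustive).
RISKY_TRIGGERS = {"issue_comment", "pull_request_target", "workflow_run"}

# Expressions or refs that resolve to a pull request head, i.e. untrusted code.
PR_REF_PATTERNS = [
    re.compile(r"github\.event\.pull_request\.head"),
    re.compile(r"github\.event\.issue\.number"),
    re.compile(r"refs/pull/"),
    re.compile(r"steps\.[\w-]+\.outputs\.\w+"),  # ref computed by an earlier step
]

# Shell commands that execute files shipped in the checked-out tree (constructed list).
CODE_EXEC_PATTERNS = [
    re.compile(r"\bpip3? install\b.*(\s-e\s|\s\.(\s|$)|-r\s)"),
    re.compile(r"\b(npm|yarn|pnpm) (install|ci)\b"),
    re.compile(r"\bmake\b"),
    re.compile(r"\bpython3? (setup\.py|-m pytest|[\w./-]+\.py)"),
    re.compile(r"\b(pytest|tox|nox|cargo build|cargo test|go build|go test)\b"),
    re.compile(r"\./[\w./-]+"),
]


def trigger_events(workflow):
    """Return the set of event names a workflow listens on.

    PyYAML (YAML 1.1) loads the bare key `on` as the boolean True, so both keys are checked.
    """
    on = workflow.get("on", workflow.get(True))
    if on is None:
        return set()
    if isinstance(on, str):
        return {on}
    if isinstance(on, list):
        return set(on)
    return set(on.keys())


def token_can_write(permissions):
    """Conservative reading of a `permissions` block.

    An absent block counts as writable because the repository default may grant
    read/write to GITHUB_TOKEN; only an explicit read-only block clears the job.
    """
    if permissions is None:
        return True
    if isinstance(permissions, str):
        return permissions == "write-all"
    return any(v == "write" for v in permissions.values())


def references_pr_head(value):
    return isinstance(value, str) and any(p.search(value) for p in PR_REF_PATTERNS)


def checkout_of_untrusted_ref(step):
    """True for an actions/checkout step whose ref or repository comes from a PR."""
    if not step.get("uses", "").startswith("actions/checkout"):
        return False
    with_ = step.get("with") or {}
    return references_pr_head(with_.get("ref")) or references_pr_head(with_.get("repository"))


def runs_checked_out_code(step):
    run = step.get("run")
    return isinstance(run, str) and any(p.search(run) for p in CODE_EXEC_PATTERNS)


def lint(workflow):
    """Return human-readable findings; an empty list means the pattern was not found."""
    findings = []
    risky = trigger_events(workflow) & RISKY_TRIGGERS
    if not risky:
        return findings  # a plain pull_request run from a fork only gets a read-only token
    for job_name, job in (workflow.get("jobs") or {}).items():
        # Job-level permissions override the workflow-level block.
        writable = token_can_write(job.get("permissions", workflow.get("permissions")))
        steps = job.get("steps") or []
        for i, step in enumerate(steps):
            if not checkout_of_untrusted_ref(step):
                continue
            findings.append(f"{job_name}: step {i} checks out a PR-controlled ref under {sorted(risky)}")
            for j, later in enumerate(steps[i + 1:], start=i + 1):
                if runs_checked_out_code(later):
                    severity = "critical" if writable else "medium"
                    findings.append(
                        f"{job_name}: step {j} ({later.get('name', 'unnamed')}) executes code from "
                        f"that checkout [{severity}: write token={'yes' if writable else 'no'}]"
                    )
    return findings


# Constructed sample shaped like the advisory's description: comment trigger,
# PR branch resolved from the issue number, dependencies installed from the checkout.
VULNERABLE = {
    "name": "benchmark-bot",
    True: {"issue_comment": {"types": ["created"]}},  # how PyYAML loads `on:`
    "jobs": {
        "benchmark": {
            "if": "contains(github.event.comment.body, '@benchmark')",
            "runs-on": "ubuntu-latest",
            "steps": [
                {"name": "Resolve PR branch", "id": "pr",
                 "run": "echo ref=refs/pull/${{ github.event.issue.number }}/head >> $GITHUB_OUTPUT"},
                {"uses": "actions/checkout@v4", "with": {"ref": "${{ steps.pr.outputs.ref }}"}},
                {"name": "Install dependencies", "run": "pip install -e ."},
                {"name": "Run benchmarks", "run": "python benchmarks/run.py"},
            ],
        }
    },
}

# Constructed hardened counterpart: plain pull_request trigger (read-only token for
# forks), explicit read-only permissions, and no PR-controlled ref in the checkout.
HARDENED = {
    "name": "benchmark",
    True: {"pull_request": {}},
    "permissions": {"contents": "read"},
    "jobs": {
        "benchmark": {
            "runs-on": "ubuntu-latest",
            "steps": [
                {"uses": "actions/checkout@v4"},
                {"name": "Install dependencies", "run": "pip install -e ."},
                {"name": "Run benchmarks", "run": "python benchmarks/run.py"},
            ],
        }
    },
}

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, lint(wf) or "no findings")
```

Run against real files by replacing the embedded dicts with `yaml.safe_load` output for every file under '.github/workflows/'. The linter deliberately treats a missing 'permissions' block as writable: the repository-wide default decides the token's scope in that case, and an explicit read-only block is the only setting the workflow itself can vouch for.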
