Emissary GitHub Actions Workflow Shell Injection Vulnerability

Vulnerability

A critical shell injection vulnerability has been identified in Emissary, a P2P data-driven workflow engine, in versions prior to 8.39.0. The issue arises in GitHub Actions workflow files, where user-controlled inputs from 'workflow_dispatch' were directly interpolated into shell commands. This flaw allowed an attacker with repository write access to inject arbitrary shell commands, potentially leading to repository poisoning and supply chain compromises for downstream users.

Impact

Exploitation of this vulnerability allowed for arbitrary code execution within the CI/CD runner, modification of the repository via the 'contents: write' token, supply chain poisoning for downstream users, and exfiltration of credentials from the GitHub Actions environment.

Reproduction

The vulnerability can be reproduced by creating a GitHub Actions workflow that interpolates 'workflow_dispatch' inputs directly into shell commands. When the workflow is triggered, commands embedded in the input are executed by the runner's shell with the permissions of the 'GITHUB_TOKEN', which can be used to modify the repository or access sensitive information.

Remediation

The vulnerability has been fixed in version 8.39.0. Organizations that have forked Emissary should apply the same environment variable indirection and input validation patterns to their workflow files.
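To make the remediation concrete, the following is an added illustration (constructed for this page, not taken from the Emissary repository) of the vulnerable interpolation pattern beside the remediated form, which binds the input to an environment variable and validates it before use. The input name `release_tag`, the job names and the step contents are assumptions.

```yaml
name: release-example   # constructed illustration, not Emissary's own workflow
on:
  workflow_dispatch:
    inputs:
      release_tag:        # assumed input name
        description: 'Tag to release'
        required: true

permissions:
  contents: write

jobs:
  # VULNERABLE: the ${{ }} expression is expanded by the Actions runner
  # before the shell starts, so the raw input text becomes part of the
  # script itself. Shell metacharacters in the input are parsed as code,
  # and the surrounding quotes do not help because the value can close them.
  vulnerable:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: |
          git tag "${{ github.event.inputs.release_tag }}"
          git push origin "${{ github.event.inputs.release_tag }}"

  # REMEDIATED: the input is bound to an environment variable, so the
  # script text is fixed at authoring time and the value only ever reaches
  # the shell as data. A strict allow-list check then rejects anything
  # that is not a plain version tag before the token is used.
  hardened:
    runs-on: ubuntu-latest
    env:
      RELEASE_TAG: ${{ github.event.inputs.release_tag }}
    steps:
      - uses: actions/checkout@v4
      - name: Validate input
        run: |
          if [[ ! "$RELEASE_TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "::error::release_tag must look like vX.Y.Z"
            exit 1
          fi
      - name: Tag and push
        run: |
          git tag "$RELEASE_TAG"
          git push origin "$RELEASE_TAG"
```

The same two changes, environment variable indirection plus validation, apply to any other step that consumes 'workflow_dispatch' inputs, including inputs passed to non-shell tools.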

Added: Apr 7, 2026, 7:35 PM
Updated: Apr 7, 2026, 7:35 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 3.1
remediation: 7.7
relevance: 5.4
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.