Summary: A supply chain compromise of the popular GitHub Action tj-actions/changed-files exposed CI/CD secrets across over 23,000 repositories. The attackers modified the action's code to print sensitive information, including AWS access keys and GitHub Personal Access Tokens, into workflow logs; there is so far no evidence of exfiltration to attacker-controlled infrastructure, but secrets written to the logs of public repositories are effectively exposed to anyone who can read those logs. GitHub users are urged to update to the latest version and review workflows executed during the incident timeframe.
Affected: GitHub Action tj-actions/changed-files
Key points:
- The compromise was assigned CVE-2025-30066 with a CVSS score of 8.6.
- The attackers retroactively moved the action's existing version tags to point to a malicious commit that prints the runner's secrets into the CI/CD logs, so workflows that referenced the action by tag picked up the malicious code without any change on their side.
- Users are advised to upgrade to version 46.0.1, review workflow runs from the incident window for unexpected output, and rotate any secrets that appear in those logs.
- The incident follows a previous critical flaw (CVE-2023-49291) flagged in the tj-actions/changed-files Action.
- As of March 15, 2025, all versions of tj-actions/changed-files were found to be affected by the compromise.
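The tag-retargeting technique in the key points only works against workflows that reference an action by a mutable ref such as @v45 or @main; a reference pinned to a full 40-character commit SHA keeps resolving to the same code no matter where the tag is later moved. The following scanner is an added example, not code from the article or from the tj-actions project: it walks workflow `uses:` lines, reports every third-party reference that is not pinned to a commit SHA, and flags the watched action by name. The sample workflow is constructed for the example, and the 40-hex "SHA" in it is a placeholder rather than a real commit.

```python
"""Audit GitHub Actions workflow files for mutable action references.

Added example (not code from the article or from tj-actions). A tag-moving
attack only affects workflows that reference an action by a mutable ref
(@v45, @main, ...). This scanner reports every third-party `uses:` reference
that is not pinned to a full 40-character commit SHA and flags watched
actions by name. The sample workflow below is constructed for the example;
the 40-hex "SHA" in it is a placeholder, not a real commit.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass
from pathlib import Path

# `uses: owner/repo[/path]@ref`, with or without a leading list dash or quotes.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@([^\s'\"#]+)"
)
# A full-length commit SHA is the only ref that a tag move cannot redirect.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

WATCHED_ACTIONS = ("tj-actions/changed-files",)


@dataclass
class Finding:
    line: int       # 1-based line number in the workflow file
    action: str     # owner/repo[/path] as written in the workflow
    ref: str        # the ref after '@'
    mutable: bool   # True unless ref is a 40-hex commit SHA
    watched: bool   # True if the action's repo is in WATCHED_ACTIONS


def audit_workflow(text: str, watched=WATCHED_ACTIONS) -> list[Finding]:
    """Return one Finding per third-party `uses:` reference in the workflow text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a `uses:` line, or a local (./path) / docker:// reference
        action, ref = m.group(1), m.group(2)
        repo = "/".join(action.split("/")[:2])  # drop any sub-path inside the repo
        findings.append(Finding(
            line=lineno,
            action=action,
            ref=ref,
            mutable=SHA_RE.match(ref) is None,
            watched=repo in watched,
        ))
    return findings


def risky(findings: list[Finding]) -> list[Finding]:
    """Findings that a tag-retargeting compromise could affect: mutable refs only."""
    return [f for f in findings if f.mutable]


def audit_directory(root: Path) -> dict[str, list[Finding]]:
    """Scan every workflow file under <root>/.github/workflows."""
    results = {}
    for path in sorted((root / ".github" / "workflows").glob("*.y*ml")):
        results[str(path)] = audit_workflow(path.read_text(encoding="utf-8"))
    return results


# Constructed sample workflow for the example. The 40-hex ref is a placeholder.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect changed files (mutable tag, exposed to tag retargeting)
        uses: tj-actions/changed-files@v45
      - name: Detect changed files (pinned; placeholder SHA, not a real commit)
        uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567 # v46.0.1
"""


if __name__ == "__main__":
    # Usage: python audit_actions.py [repo-root]; with no argument the sample is scanned.
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    reports = audit_directory(root) if root else {"<sample>": audit_workflow(SAMPLE_WORKFLOW)}
    for path, findings in reports.items():
        for f in risky(findings):
            tag = "WATCHED " if f.watched else ""
            print(f"{path}:{f.line}: {tag}{f.action}@{f.ref} is not pinned to a commit SHA")
```

Run against a checkout of a repository, the report lists each step that a retargeted tag could silently swap out; the fix for each is to replace the tag with the full commit SHA of the release you have reviewed (keeping the version as a trailing comment, as the pinned sample line does), and to treat the mutable ones as candidates for log review and secret rotation.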
Source: https://thehackernews.com/2025/03/github-action-compromise-puts-cicd.html