CMOtech US - Technology news for CMOs & marketing decision-makers

Tenable flags Microsoft GitHub workflow flaw risking code

Wed, 22nd Apr 2026

Tenable identified a remote code execution vulnerability in Microsoft's Windows-driver-samples GitHub repository. The flaw exposed repository secrets and raised concerns about access to the project's automation workflow.

The issue was in a GitHub Actions workflow tied to the repository, a widely used developer resource with more than 7,700 stars and 5,000 forks. Tenable assigned it a CVSSv4 score of 9.3, saying it could allow an attacker to run unauthorised code and extract the repository's GITHUB_TOKEN.

According to the research, the attack path relied on a Python string injection flaw in the workflow. An attacker could open a GitHub issue, place malicious Python code in the issue description, and have that code executed automatically when the workflow ran on the GitHub runner.

This could lead to the exfiltration of repository secrets. In particular, the GITHUB_TOKEN could then be used for operations on the repository.

How it worked

The workflow was triggered by external user input and executed that input in a way that created an opening for code injection. Because any registered user can create a GitHub issue, the researchers described the route to exploitation as simple.

The token's permissions were central to the risk. Because the repository was created before GitHub's 2023 changes, and because the token allows at least issue creation when workflows do not set explicit permissions, the researchers said it was likely the token retained default read and write access.

If so, an unauthorised user could carry out privileged actions on Microsoft's behalf within the repository. Those actions could include creating issues or modifying repository content, creating a potential supply chain risk if code or related project material were altered.

The case adds to broader concerns in the cyber security industry about continuous integration and continuous delivery systems, or CI/CD pipelines. These systems automate software testing, building, and deployment, but they also sit close to source code, secrets, and release processes, making them attractive targets for attackers.

Tenable said the finding showed that automated development infrastructure should be treated as a core part of an organisation's attack surface, rather than as a secondary internal tool. Weak controls in these environments can have effects beyond a single repository if attackers gain the ability to tamper with software components used by others.

Pipeline risks

The research focused on Microsoft's Windows-driver-samples repository, which developers use as a reference source. Its visibility and broad use increased the significance of the exposure, because a compromise of a prominent code repository can undermine trust in the surrounding software development chain.

Security researchers have increasingly warned that developer platforms and build systems can become entry points for supply chain attacks. In such attacks, malicious changes are introduced upstream and then passed on to users or customers through software updates, code dependencies, or shared components.

Tenable urged organisations to review how automated workflows handle untrusted input and to avoid giving broad permissions to repository tokens unless those permissions are strictly necessary. It also recommended regular workflow audits for injection risks, particularly in jobs triggered by public-facing actions such as issue submissions.

The company also called for tighter security controls around build integrity and source code protection in automated pipelines. In practice, that means checking workflow logic, limiting secret exposure, and setting explicit permissions rather than relying on default configurations.
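One way to run the kind of workflow audit described above, as an added example that is not code from Tenable, Microsoft or the affected repository. Both workflows are constructed samples, `audit` is a hypothetical helper, and it uses a line-based scan rather than a YAML parser to flag issue fields expanded inside `run:` scripts and workflows without an explicit `permissions:` block.

```python
import re

# Event fields that any registered user controls by opening an issue or comment.
UNTRUSTED = re.compile(r"\$\{\{\s*github\.event\.(issue|comment)\.(title|body)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:")
# Constructed weak workflow: the issue body is pasted into Python source text.
WEAK = """\
on: issues
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - shell: python
        run: |
          body = '''${{ github.event.issue.body }}'''
          print(len(body))
"""

# Constructed hardened workflow: scoped token, body passed as data through env.
HARDENED = """\
on: issues
permissions:
  issues: write
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - shell: python
        env:
          ISSUE_BODY: ${{ github.event.issue.body }}
        run: |
          import os
          print(len(os.environ["ISSUE_BODY"]))
"""

def audit(workflow):
    findings = []  # (line number, message); line 0 means workflow-wide
    if not re.search(r"^\s*permissions:", workflow, re.MULTILINE):
        findings.append((0, "no explicit permissions: token keeps repository defaults"))
    run_col = None  # indent of the current run: key, None when outside a script
    for num, line in enumerate(workflow.splitlines(), 1):
        key = RUN_KEY.match(line)
        if key:
            run_col = len(key.group(1))
        elif run_col is not None and line.strip() and len(line) - len(line.lstrip()) <= run_col:
            run_col = None  # dedent: the run script has ended
        if run_col is not None and UNTRUSTED.search(line):
            findings.append((num, "untrusted event field expanded inside run script"))
    return findings
```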

"The CI/CD infrastructure is part of an organisation's attack surface and software supply chain," said Rémy Marot, Staff Research Engineer at Tenable. "Without strong safeguards, a vulnerability in a pipeline can be exploited to trigger large-scale supply chain attacks and have critical impacts on downstream systems and users."