Tenable finds GitHub workflow flaw in Microsoft repo

Tenable Research found a remote code execution vulnerability in a Microsoft GitHub repository. The flaw affected workflow automation in the Windows-driver-samples repository.

The issue exposed a path to unauthorised code execution and access to repository secrets through GitHub Actions, the automation system used in software development pipelines.

With 5,000 forks and 7,700 stars, the repository is a visible project for developers and researchers. Tenable said its team showed how the workflow could be abused to compromise part of the software supply chain tied to the repository.

How it worked

According to the researchers, the weakness stemmed from a Python string injection flaw in an automated workflow. An attacker could open a GitHub issue, place malicious Python code in the issue description, and rely on the workflow to run that code automatically when the issue was created.

That would give the attacker execution within the GitHub runner used by the repository. The same route could also expose the GITHUB_TOKEN and other secrets configured for the project.

The token is used to perform actions on a repository. Because the repository predates 2023, and because the token allows at least issue creation without explicit permissions being set in the workflow, the researchers inferred that it was likely operating with default read and write access.

In practice, that could let an unauthorised user carry out actions in the repository with Microsoft-level privileges tied to the token, including creating issues or changing repository content.

Pipeline risk

The finding highlights a part of cyber risk that often sits behind customer-facing products. Continuous integration and continuous delivery pipelines are used to test, build, and publish code, but they also process external input and hold sensitive credentials, making them attractive targets.

Security researchers have increasingly focused on these development systems because a successful compromise can affect not only one application but also the code and updates distributed to downstream users. In this case, a simple issue submission by any registered GitHub user could have triggered the vulnerable workflow.

That ease of exploitation is likely to concern security teams reviewing their use of automation in open repositories. Workflows that respond to public-facing actions such as issues, pull requests, or comments can create openings if user input is not safely handled before scripts are executed.

Rémy Marot, Staff Research Engineer at Tenable, framed the issue as part of a broader security problem in software development environments.

"The CI/CD infrastructure is part of an organisation's attack surface and software supply chain," Marot said.

"Without strong safeguards, a vulnerability in a pipeline can be exploited to trigger large-scale supply chain attacks and have critical impacts on downstream systems and users," he added.

Controls urged

Tenable urged organisations to treat CI/CD systems as critical infrastructure rather than background tooling. It called for tighter controls around source code protection and build integrity in automated workflows.

The company also urged development teams to review token permissions explicitly instead of relying on inherited defaults. Restricting the GITHUB_TOKEN to the minimum access needed is a standard defence against abuse when a workflow is compromised.

Regular audits of automated workflows are also needed, especially where jobs are triggered by content supplied by external users. Input handling, permissions, and secret exposure remain central areas for review in GitHub Actions and similar systems.

The case underlines a wider challenge for companies that maintain public code repositories while relying on automation to manage contributions and project activity. Convenience features can reduce manual work for developers, but they can also widen the attack surface when workflows execute data from untrusted sources.

For Microsoft and other large software suppliers, such findings can carry weight beyond a single repository because development practices in prominent public projects are often copied by other teams. A flaw in a widely observed workflow can therefore become a lesson for the broader software industry as much as a problem in one codebase.

The scale of the Windows-driver-samples repository, with 5,000 forks and 7,700 stars, meant the workflow sat in a project with significant developer attention.