mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.7 KiB
CVE-2025-30066
Description
tj-actions/changed-files before version 46 allows remote attackers to discover secrets by reading GitHub Actions logs. (Tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because a threat actor modified them to point at commit 0e58ed8, which contained malicious updateFeatures code.)
POC
Reference
- https://github.com/tj-actions/changed-files/issues/2464
- https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066
GitHub
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/Checkmarx/Checkmarx-CVE-2025-30066-Detection-Tool
- https://github.com/OS-pedrogustavobilro/test-changed-files
- https://github.com/chains-project/ghasum
- https://github.com/cybrota/scharf
- https://github.com/cybrota/scharf-action
- https://github.com/edamametechnologies/edamame_posture_cli
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/packetinside/CISA_BOT
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/ramimac/aws-customer-security-incidents
- https://github.com/step-security/harden-runner
- https://github.com/ums91/CISA_BOT
- https://github.com/yuya-takeyama/replicate-docker-version-tag-action
- https://github.com/zhanpengliu-tencent/medium-cve