
Study Reveals Security Risks in GitHub Actions Workflows of Popular Repositories
A study by Sysdig and CyberSecurityNews has revealed that several highly popular repositories, including those from MITRE and Splunk, are using dangerous configurations in their GitHub Actions workflows, particularly by misusing the pull_request_target event. This practice grants pull requests from external collaborators access to the repository's secrets, opening the door to supply chain attacks and credential theft.
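To make the misuse concrete, here is the weak workflow pattern the study describes beside a corrected version, written as an added illustration rather than taken from the study or from any of the repositories it names; the workflow names, the npm commands and the NPM_TOKEN secret are assumed placeholders, and the two workflows are shown as one YAML stream for comparison.

```yaml
# Weak pattern (assumed file: .github/workflows/ci-weak.yml).
# pull_request_target runs in the context of the base repository, so the job
# receives the repository's secrets and a write-capable GITHUB_TOKEN even when
# the pull request comes from an external fork. Checking out the PR head and
# running its build scripts executes the contributor's code inside that context.
name: ci-weak
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}  # untrusted PR code
      - run: npm ci && npm test                           # runs it with secrets in scope
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}             # assumed secret name
---
# Corrected (assumed file: .github/workflows/ci-hardened.yml).
# Untrusted code is built and tested under the plain pull_request event, which
# for forks runs with a read-only GITHUB_TOKEN and without repository secrets.
# Permissions are pinned to the minimum and the checkout does not persist a
# token into the working tree that the tested code could read.
name: ci-hardened
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - run: npm ci && npm test
# If pull_request_target is genuinely required (for example to label or comment
# on a PR), keep that job free of any checkout or execution of the PR's code.
```

A quick audit check is to grep every workflow under .github/workflows for pull_request_target and confirm that no job using it checks out or executes content from the pull request head.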