H3-2025-0004¶
GitHub Actions Artifacts Credential Leakage
| Category | CREDENTIALS |
| Base Score | 4.0 |
Description¶
Misconfigured Github Action workflows utilizing actions/checkout and actions/upload-artifact can inadvertently leak credentials to publicly accessible artifacts.
Impact¶
Remote attackers who can find these artifacts may be able to recover git credentials and gain access to the GitHub repository.