H3-2025-0017¶

GitHub Actions Secrets Inheritance

Description¶

Secret inheritance using "secrets: inherit" can expose sensitive information to jobs or steps in the workflow that do not require it, violating the principle of least privilege and potentially leading to exploitation.

Impact¶

This increases the risk of accidental leakage or unauthorized access to secrets, potentially leading to data breaches or compromise of sensitive credentials.

References¶

• Zizmor Documentation
• CWE-272: Least Privilege Violation