CVE-2024-8156
Published: 20 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2024-8156 is a command injection vulnerability (CWE-77) in the workflow-checker.yml workflow of the significant-gravitas/autogpt GitHub repository. The issue arises from the insecure use of untrusted user input from `github.head.ref`, which allows arbitrary command injection. This affects versions up to and including the latest version, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An unauthenticated remote attacker can exploit the vulnerability by creating a GitHub branch name containing a malicious payload and opening a pull request to the repository. Successful exploitation enables arbitrary command execution, potentially leading to reverse shell access or theft of sensitive tokens and keys.
A patch addressing the vulnerability is available in commit 1df7d527dd37dff8363dc162fb58d300f072e302 at https://github.com/significant-gravitas/autogpt/commit/1df7d527dd37dff8363dc162fb58d300f072e302. Further details are provided on the Huntr bounty page at https://huntr.com/bounties/959efe87-f109-4cef-94d8-90ff2c7aef51.
AutoGPT is an AI agent framework, highlighting the vulnerability's relevance to AI/ML repositories relying on GitHub Actions workflows.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an unauthenticated command injection in a public GitHub Actions workflow triggered by PRs, directly enabling exploitation of public-facing applications (T1190) and arbitrary command execution on Unix-based runners (T1059.004).