Cordyceps CI/CD weakness lets anonymous pull requests hijack build pipelines
Researchers at Novee disclosed Cordyceps, a systemic class of weaknesses in CI/CD pipelines, especially GitHub Actions workflows, that lets an attacker with nothing more than a free account hijack a project's build and release process. The danger is not a single bug but how workflows chain together: an untrusted pull request or comment feeds a low-privilege workflow whose output flows into a higher-privilege one, ending in stolen credentials, poisoned artifacts, or malicious releases. A scan of 30,000 repositories found over 300 fully exploitable, with fixes confirmed by Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. Standard scanners miss it because they check files in isolation.
- Check
- Audit your GitHub Actions and other CI/CD workflows for steps that pass untrusted pull-request or comment data into higher-privilege jobs, and inventory where workflow tokens grant cloud or registry access.
- Affected
- Organizations whose CI/CD pipelines run workflows triggered by untrusted pull requests or comments, particularly GitHub Actions setups where low-privilege and high-privilege jobs share data and tokens across trust boundaries.
- Fix
- Treat workflow files as security-critical code, apply least privilege to workflow tokens, isolate untrusted pull-request triggers, sanitize data crossing between jobs, and review CI/CD changes generated by AI coding tools.