{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46820", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-30T19:41:58.134Z", "datePublished": "2025-05-06T18:48:52.176Z", "dateUpdated": "2025-05-06T19:02:09.024Z"}, "containers": {"cna": {"title": "phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-312", "lang": "en", "description": "CWE-312: Cleartext Storage of Sensitive Information", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-522", "lang": "en", "description": "CWE-522: Insufficiently Protected Credentials", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-538", "lang": "en", "description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/phpgt/Dom/security/advisories/GHSA-cwj7-6v67-2cm4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/phpgt/Dom/security/advisories/GHSA-cwj7-6v67-2cm4"}, {"name": "https://github.com/phpgt/Dom/commit/205cddcc82c002dfa48e874494efbf4c49497394", "tags": ["x_refsource_MISC"], "url": "https://github.com/phpgt/Dom/commit/205cddcc82c002dfa48e874494efbf4c49497394"}], "affected": [{"vendor": "phpgt", "product": "Dom", "versions": [{"version": "< 4.1.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-06T18:48:52.176Z"}, "descriptions": [{"lang": "en", "value": "phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in your repository. Any downstream user of the repository may be affected, but the token should only be valid for the duration of the workflow run, limiting the time during which exploitation could occur. Version 4.1.8 fixes the issue."}], "source": {"advisory": "GHSA-cwj7-6v67-2cm4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-06T19:01:15.686908Z", "id": "CVE-2025-46820", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T19:02:09.024Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46820", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-06T19:01:15.686908Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T19:01:31.707Z"}}], "cna": {"title": "phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact", "source": {"advisory": "GHSA-cwj7-6v67-2cm4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "phpgt", "product": "Dom", "versions": [{"status": "affected", "version": "< 4.1.8"}]}], "references": [{"url": "https://github.com/phpgt/Dom/security/advisories/GHSA-cwj7-6v67-2cm4", "name": "https://github.com/phpgt/Dom/security/advisories/GHSA-cwj7-6v67-2cm4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/phpgt/Dom/commit/205cddcc82c002dfa48e874494efbf4c49497394", "name": "https://github.com/phpgt/Dom/commit/205cddcc82c002dfa48e874494efbf4c49497394", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in your repository. Any downstream user of the repository may be affected, but the token should only be valid for the duration of the workflow run, limiting the time during which exploitation could occur. Version 4.1.8 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312: Cleartext Storage of Sensitive Information"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-538", "description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-06T18:48:52.176Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46820", "state": "PUBLISHED", "dateUpdated": "2025-05-06T19:02:09.024Z", "dateReserved": "2025-04-30T19:41:58.134Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-05-06T18:48:52.176Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in your repository. Any downstream user of the repository may be affected, but the token should only be valid for the duration of the workflow run, limiting the time during which exploitation could occur. Version 4.1.8 fixes the issue."}, {"lang": "es", "value": "phpgt/Dom proporciona acceso a las API modernas de DOM. Las versiones de phpgt/Dom anteriores a la 4.1.8 exponen el token GITHUB_TOKEN en el artefacto de ejecuci\u00f3n del flujo de trabajo de Dom. El archivo de flujo de trabajo ci.yml utiliza actions/upload-artifact@v4 para cargar el artefacto de compilaci\u00f3n. Este artefacto es un archivo zip del directorio actual, que incluye el archivo .git/config generado autom\u00e1ticamente que contiene el token GITHUB_TOKEN de la ejecuci\u00f3n. Dado que el artefacto se puede descargar antes de que finalice el flujo de trabajo, un atacante puede extraer el token del artefacto durante unos segundos y usarlo con la API de GitHub para enviar c\u00f3digo malicioso o reescribir las confirmaciones de versiones en el repositorio. Cualquier usuario intermedio del repositorio puede verse afectado, pero el token solo deber\u00eda ser v\u00e1lido mientras dure la ejecuci\u00f3n del flujo de trabajo, lo que limita el tiempo de explotaci\u00f3n. La versi\u00f3n 4.1.8 soluciona el problema."}], "id": "CVE-2025-46820", "lastModified": "2025-05-07T14:13:20.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.5, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-05-06T19:16:00.223", "references": [{"source": "[email protected]", "url": "https://github.com/phpgt/Dom/commit/205cddcc82c002dfa48e874494efbf4c49497394"}, {"source": "[email protected]", "url": "https://github.com/phpgt/Dom/security/advisories/GHSA-cwj7-6v67-2cm4"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-312"}, {"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-538"}], "source": "[email protected]", "type": "Primary"}]}

{}