
Conversation

@carlospolop

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

🎯 Content Summary

This post is a hands-on guide to securely integrating GitHub Actions with Azure using OpenID Connect (OIDC), showing exactly how the identity flow works, what Azure validates, where insecure patterns arise, and multiple PoCs to abuse weak Federated Identity Credential (FIC) subject identifiers and workflow design flaws to obtain Azure access tokens and act as the configured service principal. It also demonstrates hardening with custom sub claims, reusable workflows bound via job_workflow_ref,...

🔧 Technical Details

Abusing weak OIDC subject identifiers: If a Federated Identity Credential uses sub=repo:<org>/<repo>:pull_request, or ties to unprotected branches/tags/environments, any collaborator can run a matching workflow, exchange the GitHub ID token via azure/login (or manually) and obtain Azure access tokens.

Manual GitHub→Azure token exchange: Request a GitHub ID token with audience=api://AzureADTokenExchange and POST it as client_assertion to /<tenant>/oauth2/v2.0/token with grant_type=client_credentials and ...:jwt-bearer to receive an Azure access token for chosen scopes.

Token exfiltration from runners: After azure/login, the Azure CLI stores tokens in ~/.azure/msal_token_cache.json. Exfiltrate with cat ... | base64 -w0 | base64 -w0 and ...

🤖 Agent Actions

I analyzed the repository and identified a gap: HackTricks already documents OIDC federation abuse for AWS and GCP but not for Azure. The provided blog is highly technical and focuses on abusing GitHub Actions OIDC with Azure Workload Identity (FIC) through weak subject scoping, manual token exchange, job_workflow_ref misuse, script injection in reusable workflows, and Terraform plan as an execution primitive. This content fits perfectly into HackTricks under the existing CI/CD and cloud security structure.

What I updated/created:

  1. New page for Azure OIDC federation abuse:
  • Path: src/pentesting-cloud/azure-security/az-basic-information/az-federation-abuse.md
  • Content highlights:
    • End-to-end GitHub→Azure OIDC flow and what Azure validates (iss, aud, sub).
    • How to retrieve GitHub ID tokens (including forcing audience=api://AzureADTokenExchange), and manual Azure token exchange via POST to login.microsoftonline.com with client_assertion=GitHub ID token.
    • Secure/unsafe FIC sub scoping patterns: branch/tag, environment, pull_request with risks.
    • PoC to exfiltrate Azure tokens from GitHub runners via ~/.azure/msal_token_cache.json after azure/login, including double base64 exfiltration technique.
    • Reusable workflows and job_workflow_ref: proper binding requiring both repo and job_workflow_ref to prevent cross-repo abuse; how to configure GitHub OIDC sub customization via gh CLI/HTTP.
    • Script injection via unquoted inputs in reusable workflows and example payloads to exfiltrate token cache.
    • Terraform plan as execution primitive to exfiltrate token cache (file()/external data source).
    • Defensive checklist: never use pull_request in sensitive FICs, protect branches/tags/envs, always include repo + job_workflow_ref, quote/encode inputs, separate identities for plan/apply, least privilege, pin actions/workflows to commit SHAs.
    • References include the blog URL, azure/login, Terraform external, gh CLI, PaloAlto github-oidc-utils.
  • Banners and formatting follow HackTricks conventions and a References section is added at the end.
  2. Updated GitHub Actions abuse index to link Azure page:
  • File modified: src/pentesting-ci-cd/github-security/abusing-github-actions/README.md
  • Change: Expanded the “Accessing AWS and GCP via OIDC” section to “Accessing AWS, Azure and GCP via OIDC” and added a ref to the new Azure federation abuse page:
    • ../../../pentesting-cloud/azure-security/az-basic-information/az-federation-abuse.md

Why this placement:

  • AWS and GCP federation abuse are already documented under their cloud providers’ basic-information sections and are referenced from the “Abusing GitHub Actions” page. I followed the same pattern for Azure to keep consistency and make the content discoverable from both the cloud and CI/CD sections.

No other files needed updating. The new content is purely technical, actionable, and aligned with HackTricks style and structure.

Changes implemented:

  • Created: src/pentesting-cloud/azure-security/az-basic-information/az-federation-abuse.md
  • Modified: src/pentesting-ci-cd/github-security/abusing-github-actions/README.md (added Azure link under OIDC access section)

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

🗑️ File Cleanup

  • searchindex.js removed: This auto-generated file has been removed to prevent conflicts.
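A defensive check that follows from the checklist summarized above, as an added example (not code from this PR or the blog post): a small auditor that flags the weak Federated Identity Credential subject patterns the PR lists (pull_request, unprotected refs or environments, missing repo + job_workflow_ref binding). It assumes FIC records as dicts with the fields Azure stores (issuer, audiences, subject) and an assumed `protected` set naming the branches, tags and environments that carry protection rules.

```python
"""Audit Azure Federated Identity Credential (FIC) records for GitHub Actions.
Added example, not code from the PR or the blog post. `protected` is an assumed
set of "org/repo:heads:<branch>", "org/repo:tags:<tag>" and "org/repo:env:<name>"
entries that carry protection rules (a real audit reads them from the GitHub API)."""
import re

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
AZURE_AUDIENCE = "api://AzureADTokenExchange"

# Default GitHub `sub` formats plus the customized `repo` + `job_workflow_ref` form.
_SUB_RE = re.compile(
    r"^repo:(?P<repo>[^:]+/[^:]+):(?:"
    r"(?P<pr>pull_request)"
    r"|ref:refs/(?P<reftype>heads|tags)/(?P<ref>.+)"
    r"|environment:(?P<env>.+)"
    r"|job_workflow_ref:(?P<wf_repo>[^/]+/[^/]+)/(?P<wf_path>[^@]+)@(?P<wf_ref>.+)"
    r")$"
)

def _guarded(repo, kind, name, protected):
    return f"{repo}:{kind}:{name}" in protected

def audit_fic(fic: dict, protected: set) -> list:
    """Return findings for one FIC; an empty list means no weak pattern was found."""
    findings = []
    if fic.get("issuer") != GITHUB_ISSUER:
        findings.append("issuer is not the GitHub Actions OIDC issuer")
    if AZURE_AUDIENCE not in fic.get("audiences", []):
        findings.append("audience is not api://AzureADTokenExchange")
    m = _SUB_RE.match(fic.get("subject", ""))
    if not m:
        findings.append("subject does not match a known GitHub sub format")
        return findings
    if m["pr"]:
        findings.append("pull_request subject: any collaborator's PR workflow can federate")
    elif m["reftype"]:
        if not _guarded(m["repo"], m["reftype"], m["ref"], protected):
            findings.append(f"{m['reftype']} ref '{m['ref']}' has no protection rule")
        findings.append("subject lacks job_workflow_ref: any workflow on this ref can federate")
    elif m["env"]:
        if not _guarded(m["repo"], "env", m["env"], protected):
            findings.append(f"environment '{m['env']}' has no protection rule")
        findings.append("subject lacks job_workflow_ref: any workflow in this environment can federate")
    else:  # repo + job_workflow_ref: the binding the blog post recommends
        wf_ref = m["wf_ref"]
        sha_pinned = re.fullmatch(r"[0-9a-f]{40}", wf_ref) is not None
        r = re.fullmatch(r"refs/(heads|tags)/(.+)", wf_ref)
        if not sha_pinned and not (r and _guarded(m["wf_repo"], r[1], r[2], protected)):
            findings.append(f"reusable workflow ref '{wf_ref}' is neither SHA-pinned nor protected")
    return findings
```

Run it over the FICs exported from the app registration; a subject bound to repo + job_workflow_ref on a protected branch or a commit SHA is the only pattern that produces no findings.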

@carlospolop

🔗 Additional Context

Original Blog Post: https://binarysecurity.no/posts/2025/09/securing-gh-actions-part2

Content Categories: Based on the analysis, this content was categorized under "Pentesting CI/CD > Github Security > Abusing Github Actions > Gh Actions - OIDC Federation Abuse (Azure Workload Identity)".

Repository Maintenance:

  • MD Files Formatting: 524 files processed

Review Notes:

  • This content was automatically processed and may require human review for accuracy
  • Check that the placement within the repository structure is appropriate
  • Verify that all technical details are correct and up-to-date
  • All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0

@github-actions github-actions bot force-pushed the master branch 7 times, most recently from 23bc398 to 3ebeccf Compare September 29, 2025 23:00
@carlospolop carlospolop merged commit 51b1de4 into master Sep 29, 2025
@carlospolop carlospolop deleted the update_GitHub_Actions__A_Cloudy_Day_for_Security_-_Part_2_20250915_124429 branch September 29, 2025 23:05
github-actions bot pushed a commit that referenced this pull request Sep 29, 2025
…_Cloudy_Day_for_Security_-_Part_2_20250915_124429

GitHub Actions A Cloudy Day for Security - Part 2
