Impact
This is not a Parse Server package vulnerability. This affects the repository's CI/CD infrastructure only, including any public GitHub forks with GitHub Actions enabled. A GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permissions defined in the workflow that could potentially include code from a fork or lifecycle scripts.
Patches
The elevated permissions have been removed. Fixed in alpha branch as of commit 6b9f896 and in release branch as of commit e3d27fe. If you forked Parse Server in a public GitHub repository, push the latest commits to bring your forked alpha and release branches up-to-date with the parent repository.
Based on the information, logs, and permissions you provided, here is the complete bug bounty submission formatted in Markdown.
You can use this as a GitHub Issue or pull request description for parse-community/parse-server.
Security Issue
The workflow is triggered using pull_request_target. Unlike pull_request, this trigger runs in the context of the base repository, giving it access to secrets and write permissions defined in the workflow.
In the identified workflow, the process executes:
Checkout of the code (potentially including code from a fork).
Installation of dependencies via npm install (or similar commands).
The Vulnerability: Lifecycle Scripts
Because PR authors fully control package.json, they can define lifecycle scripts (such as preinstall, install, or postinstall). When npm install is run in the CI, these scripts execute automatically.
By modifying package.json in a fork, an attacker can inject arbitrary shell commands:
"scripts": {
"preinstall": "echo ____RCE_Success >&2;git${IFS}config${IFS}--list>&2;printenv | cut -d= -f1 || true>&2",
"prepare": "husky"
}
Elevated Permissions & Credential Exposure
The workflow runs with the following permissions:
contents: read
pull-requests: write
issues: write
Furthermore, the standard actions/checkout step persists the GITHUB_TOKEN in the local git configuration by default.
Impact:
Combined with the RCE, an attacker can:
Extract the GITHUB_TOKEN: As demonstrated in the logs (http.https://github.com/.extraheader=AUTHORIZATION: basic ***), the token is available in the git config.
Compromise Pull Requests/Issues: With write access, an attacker can maliciously label, close, or comment on issues/PRs to facilitate social engineering attacks or disrupt the project.
Repository Read Access: The attacker can clone the repository using the stolen credentials, accessing internal code if the repo were private (though this is open source, the context remains insecure).
Proof of Concept
A working exploit demonstration was performed to validate this vulnerability.
🔗 RCE Demonstration Link:
https://github.com/parse-community/parse-server/actions/runs/20065908328/job/57554280885?pr=9965#step:15:41
Execution Log Analysis:
The malicious preinstall script executed successfully, printing the "RCE Success" flag and dumping the git configuration, confirming that the runner is operating under the base repository's context with credentials attached.
preinstall
echo ____RCE_Success >&2;git${IFS}config${IFS}--list>&2;printenv | cut -d= -f1 || true>&2
____RCE_Success
safe.directory=*
filter.lfs.required=true
filter.lfs.clean=git-lfs clean -- %f
filter.lfs.smudge=git-lfs smudge -- %f
filter.lfs.process=git-lfs filter-process
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=https://github.com/parse-community/parse-server
remote.origin.fetch=+refs/heads/:refs/remotes/origin/
gc.auto=0
http.https://github.com/.extraheader=AUTHORIZATION: basic ***
Next Steps for you
Would you like me to generate the Git diff/patch code to actually fix this vulnerability (e.g., adding --ignore-scripts or changing the trigger) so you can include it in the solution section?
fix:
The issue has been fixed in #9966. The fix has been pushed to the 2 branches that were currently affected, the alpha (default) and release branch. No other workflows use the pull_request_target trigger. The trigger was added only recently.
Reporter
Barak Haryati
Director of Product Security, JFrog
https://github.com/barakharyati
This research was conducted as part of JFrog’s Open Source and Supply Chain Security Contribution efforts. 🐸
barakharyati Reporter
mtrezza Remediation developer
Impact
This is not a Parse Server package vulnerability. This affects the repository's CI/CD infrastructure only, including any public GitHub forks with GitHub Actions enabled. A GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permissions defined in the workflow that could potentially include code from a fork or lifecycle scripts.
Patches
The elevated permissions have been removed. Fixed in
alphabranch as of commit 6b9f896 and inreleasebranch as of commit e3d27fe. If you forked Parse Server in a public GitHub repository, push the latest commits to bring your forkedalphaandreleasebranches up-to-date with the parent repository.Based on the information, logs, and permissions you provided, here is the complete bug bounty submission formatted in Markdown.
You can use this as a GitHub Issue or pull request description for parse-community/parse-server.
Security Issue
The workflow is triggered using pull_request_target. Unlike pull_request, this trigger runs in the context of the base repository, giving it access to secrets and write permissions defined in the workflow.
In the identified workflow, the process executes:
Checkout of the code (potentially including code from a fork).
Installation of dependencies via npm install (or similar commands).
The Vulnerability: Lifecycle Scripts
Because PR authors fully control package.json, they can define lifecycle scripts (such as preinstall, install, or postinstall). When npm install is run in the CI, these scripts execute automatically.
By modifying package.json in a fork, an attacker can inject arbitrary shell commands:
"scripts": {
"preinstall": "echo ____RCE_Success >&2;git${IFS}config${IFS}--list>&2;printenv | cut -d= -f1 || true>&2",
"prepare": "husky"
}
Elevated Permissions & Credential Exposure
The workflow runs with the following permissions:
contents: read
pull-requests: write
issues: write
Furthermore, the standard actions/checkout step persists the GITHUB_TOKEN in the local git configuration by default.
Impact:
Combined with the RCE, an attacker can:
Extract the GITHUB_TOKEN: As demonstrated in the logs (http.https://github.com/.extraheader=AUTHORIZATION: basic ***), the token is available in the git config.
Compromise Pull Requests/Issues: With write access, an attacker can maliciously label, close, or comment on issues/PRs to facilitate social engineering attacks or disrupt the project.
Repository Read Access: The attacker can clone the repository using the stolen credentials, accessing internal code if the repo were private (though this is open source, the context remains insecure).
Proof of Concept
A working exploit demonstration was performed to validate this vulnerability.
🔗 RCE Demonstration Link:
https://github.com/parse-community/parse-server/actions/runs/20065908328/job/57554280885?pr=9965#step:15:41
Execution Log Analysis:
The malicious preinstall script executed successfully, printing the "RCE Success" flag and dumping the git configuration, confirming that the runner is operating under the base repository's context with credentials attached.
preinstall
fix:
The issue has been fixed in #9966. The fix has been pushed to the 2 branches that were currently affected, the alpha (default) and release branch. No other workflows use the pull_request_target trigger. The trigger was added only recently.
Reporter
Barak Haryati
Director of Product Security, JFrog
https://github.com/barakharyati
This research was conducted as part of JFrog’s Open Source and Supply Chain Security Contribution efforts. 🐸