Token Exposure in GitHub Composite Action by Canonical
CVE-2025-31479
8.2 HIGH
What is CVE-2025-31479?
The get-workflow-version-action, a composite action that Canonical develops for GitHub, can expose the GITHUB_TOKEN in plaintext logs. When the action fails, its output may include a truncated copy of the token, which anyone with read access to the repository can then view. This is a particular risk for public repositories, where logs are visible to everyone. The vulnerability is fixed in version 1.0.1, which handles the token properly so that it cannot be exposed this way.
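The following shell example is added here to illustrate the failure mode the advisory describes; it is not Canonical's action code and does not reproduce the actual defect. It models a step whose error message carries a truncated credential (the weak pattern), the same step rewritten so the credential is read from the environment and never appears in output (the hardened pattern), and a log-hygiene filter a repository owner can run over captured job logs. The token value, the URL `api.example.invalid`, the stub functions and the `TOKEN_RE` pattern are all constructed or assumed for the example; `TOKEN_RE` assumes the publicly documented `gh?_` prefix of GitHub tokens.

```shell
#!/bin/sh
# Added example, not part of the get-workflow-version-action code base.
# All values below are constructed; the token is fake and grants nothing.

FAKE_TOKEN="ghs_0123456789abcdefABCDEF0123456789abcd"   # constructed, not a real credential

# Assumption: GitHub tokens use a "gh?_" prefix followed by base62 characters.
# The minimum length is deliberately low so that *truncated* fragments, the case
# this advisory describes, are still caught (more false positives, fewer misses).
TOKEN_RE='gh[pousr]_[A-Za-z0-9]{8,}'

# Stand-in for an API call that fails. The weak version interpolates the
# credential it was handed into its own error text (here: the first 12 chars).
api_call_weak() {
  url=$1; token=$2
  printf 'error: request to %s rejected (credential %.12s...)\n' "$url" "$token" >&2
  return 22
}

# Hardened stand-in: the credential arrives via the environment and the error
# text never references it, so nothing credential-shaped can reach the log.
api_call_safe() {
  url=$1
  [ -n "$GH_TOKEN" ] || { printf 'error: GH_TOKEN not set\n' >&2; return 2; }
  printf 'error: request to %s rejected (HTTP 401)\n' "$url" >&2
  return 22
}

# Weak step: stderr is merged into the job log, so the fragment lands there.
leaky_step() {
  api_call_weak "https://api.example.invalid/repos" "$FAKE_TOKEN" 2>&1
}

# Hardened step: same failure, but the log contains no credential material.
safe_step() {
  GH_TOKEN="$FAKE_TOKEN" api_call_safe "https://api.example.invalid/repos" 2>&1
}

# Log-hygiene filters over stdin: count token-like fragments, or redact them.
count_token_hits() {
  grep -E -c "$TOKEN_RE" || true      # grep -c exits 1 on zero matches; keep the count
}
redact_tokens() {
  sed -E "s/$TOKEN_RE/***REDACTED-GITHUB-TOKEN***/g"
}

# Demonstration when the script is run directly.
echo "weak step, raw log:";      leaky_step || true
echo "weak step, redacted:";     leaky_step | redact_tokens
echo "hardened step, raw log:";  safe_step || true
echo "token-like hits (weak / hardened): $(leaky_step | count_token_hits) / $(safe_step | count_token_hits)"
```

The GitHub Actions runner masks registered secrets (including GITHUB_TOKEN) in log output by matching the whole secret string, which is why a truncated fragment such as the one in `leaky_step` slips past that protection; the fix is to keep credentials out of error text and command lines entirely, as `api_call_safe` does, rather than to rely on masking. The `redact_tokens` filter is a second line of defence for logs that have already been written.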
Affected Version(s)
get-workflow-version-action < 1.0.1