tj-actions_changed-files
tj-actions GitHub Actions compromised via token leak
A maintainer's personal access token (PAT) with repository write access was leaked from a compromised development environment. This potentially allowed attackers to modify the code of several `tj-actions`, including `changed-files`, used in GitHub Actions workflows. Such modifications could exfiltrate secrets or execute malicious code within users\' CI/CD pipelines.
- Date
- 2025-03-14 to 2025-03-15
- Category
- Open Source
- Target Surface
- Revision control
- Insertion Phase
- CI/CD
- Impact
- Data Exfiltration
- Cause
- Compromised Account/Credentials
What Was Affected
Package
tj-actions_changed-files
LanguageShell
ComponentLibrary
Artifact typerevision control system
Domain typecode host
Domain
github.com
Repository
github.com/tj-actions/changed-files
Incident Context
- Motive
- Credential Theft
- Attribution
- Individual Hacker
- Transitive
- No
- Observed Duration
- 1 days
Evidence
Compromised Artifacts
- github.com/tj-actions/changed-files/tree/0e58ed8671d6b60d0890c21b07f8835ace038e67
- github.com/tj-actions/changed-files/archive/0e58ed8671d6b60d0890c21b07f8835ace038e67.zip
Current Artifacts and Analysis
Indicators and Changes
Commits
External References
Source Data
Source record: oss/tj-actions_changed-files/meta.yaml