elementary-data
elementary-data PyPI and GHCR Forged Release
An attacker exploited a GitHub Actions script-injection flaw in elementary-data's issue-update workflow to forge release state, tag v0.23.3 at an orphan commit, and dispatch the legitimate release pipeline. That pipeline published elementary-data==0.23.3 to PyPI and pushed compromised GHCR images tagged 0.23.3 and latest. The artifacts used a Python .pth file to execute at interpreter startup, unpack a multi-stage credential stealer, collect local, cloud, container, Kubernetes, package-manager, wallet, and system secrets, and exfiltrate them as trin.tar.gz.
- Date: 2026-04-24 to 2026-04-25
- Category: Open Source
- Target Surface: Package registry
- Insertion Phase: CI/CD
- Impact: Credential theft
- Cause: CI/CD Exploit
What Was Affected
Package: elementary-data
Language: Python
Component: Library
Artifact type: source archive/container image
Domain type: package host
Domain: pypi.org, ghcr.io
Repository: github.com/elementary-data/elementary
Compromised Versions
Incident Context
- Motive: Credential Theft
- Attribution: Third Party
- Transitive: Yes
- User Impact: 0
- Observed Duration: 1 day
Evidence
Compromised Artifacts
Indicators and Changes
Hashes
sha256:31ecc5939de6d24cf60c50d4ca26cf7a8c322db82a8ce4bd122ebd89cf634255
Commits
External References
Source Data
Source record: oss/elementary-data/meta.yaml