Secrets exfiltration vulnerability #2090
Description
Hi,
We found a critical vulnerability in one of the CI workflows in this repo. We already submitted a GHSA to securely disclose all the information and the POC to reproduce the issue.
The repository is still vulnerable, and exploiting the vulnerability, an attacker could exfiltrate secrets and a highly privileged GITHUB_TOKEN to revert the overall repo.
Let me know if we can provide any other information to fix it.