Advisory: GitHub Action tj-actions/changed-files Compromise (CVE-2025-30066)

Informational
CVE(s)
CVE-2025-30066
Updated:
Product(s)
Cloud Optix
Intercept X Endpoint
Intercept X for Server
Sophos Central
Sophos Email
Sophos Firewall
Sophos Home
Sophos RED
Sophos UTM
Sophos Wireless
Sophos ZTNA
SophosLabs Intelix
Publication ID sophos-sa-20250317-tj-action-compromise
Article Version 1
First Published
Workaround No

Overview

On 14 March 2025, a security issue was reported in the tj-actions/changed-files GitHub Action: the Action’s code had been compromised by an external attacker.

The compromised code allowed the attacker to log CI/CD credentials from the Runner Worker process into the GitHub build logs. This could potentially lead to the exfiltration of sensitive credentials, particularly if the repository was public or if the attacker had access to the build logs.

Sophos has investigated the potential impact of the compromised GitHub Action and has found no evidence that any Sophos repositories or products were affected.
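To inventory where a repository of your own uses the affected Action, the following added example (not Sophos code and not part of the original advisory) lists every workflow step that references tj-actions/changed-files and records whether the reference is a full 40-character commit SHA or a branch or tag name, which is resolved again on every run. The function names and the sample workflow are constructed for illustration, and the scan assumes workflows live under `.github/workflows`.

```python
import re
from pathlib import Path

ACTION = "tj-actions/changed-files"
# Matches `uses: owner/repo[/subpath]@ref`, optionally quoted or in a list item.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_action_refs(text, action=ACTION):
    """Return (line_no, ref, pinned_to_sha) for each step using `action`."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out steps never run
        m = USES_RE.match(line)
        if m and m.group(1).lower() == action.lower():
            ref = m.group(2)
            hits.append((line_no, ref, bool(FULL_SHA_RE.match(ref))))
    return hits


def scan_repo(root):
    """Scan every workflow file under <root>/.github/workflows."""
    results = {}
    for path in sorted((Path(root) / ".github" / "workflows").glob("*.y*ml")):
        hits = find_action_refs(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            results[str(path)] = hits
    return results


# Constructed sample workflow; the SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: list changed files
        uses: tj-actions/changed-files@main
      # - uses: tj-actions/changed-files@old-tag
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for line_no, ref, pinned in find_action_refs(SAMPLE_WORKFLOW):
        print(f"line {line_no}: @{ref} ({'commit SHA' if pinned else 'branch or tag'})")
```

Any hit is a workflow whose build logs from the affected period should be reviewed for exposed credentials, as described above.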

Related information