Vulnerability Information
Vulnerability Title
Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)
Vulnerability Description
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS (DoH) vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like dns.google. The attack works by encoding sensitive data (e.g., the runner's hostname) as subdomains in DoH queries, which appear as legitimate HTTPS traffic to Harden-Runner's domain-based filtering but are ultimately forwarded to an attacker-controlled domain. This effectively enables data exfiltration without directly connecting to any blocked destination. Exploitation requires the attacker to already have code execution within the GitHub Actions workflow. The issue was fixed in version 2.16.0.
CVSS Information
N/A
Vulnerability Type
Protection Mechanism Failure
Vulnerability Title
Harden-Runner Security Vulnerability
Vulnerability Description
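Harden-Runner is an open-source program from StepSecurity. It provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Harden-Runner 2.15.1 and earlier contain a security vulnerability, which stems from a DNS over HTTPS vulnerability that allows data to be tunneled through permitted HTTPS endpoints, thereby bypassing the egress policy network restrictions.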
CVSS Information
N/A
Vulnerability Type
N/A