CVE-2024-42471 Overview
CVE-2024-42471 is a path traversal vulnerability [CWE-22] affecting the actions/artifact package in the GitHub Actions Toolkit. Versions on the 2.x branch before 2.1.2 fail to validate filenames inside downloaded artifacts. An attacker who supplies a maliciously crafted artifact can write arbitrary files outside the intended extraction directory when a workflow calls downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal. The flaw follows the classic Zip Slip pattern, where archive entries contain ../ sequences. GitHub released a fix in version 2.1.2 of the toolkit.
Critical Impact
Arbitrary file write through artifact extraction can lead to source code tampering, CI/CD pipeline compromise, and lateral movement into downstream build systems.
Affected Products
- GitHub actions/artifact (Node.js) versions 2.0.0 through 2.1.1
- GitHub actions/toolkit repository components consuming the vulnerable artifact module
- Workflows and self-hosted runners depending on the 2.x branch prior to 2.1.2
Discovery Timeline
- 2024-09-02 - CVE-2024-42471 published to the National Vulnerability Database
- 2025-08-27 - Last updated in NVD database
Technical Details for CVE-2024-42471
Vulnerability Analysis
The actions/artifact package downloads and extracts artifact archives produced by GitHub Actions workflows. The 2.x branch before 2.1.2 extracts archive entries without validating that resolved file paths remain inside the target directory. An attacker who controls or uploads an artifact can embed entries with traversal sequences such as ../../etc/cron.d/payload. When a downstream workflow extracts the artifact, the runner writes attacker-controlled content to arbitrary locations on the file system.
The impact depends on runner privileges and reused build directories. On self-hosted runners, an attacker can overwrite shell profile scripts, SSH keys, or build configuration files. On GitHub-hosted runners, an attacker can poison subsequent build steps within the same job by overwriting source files, lockfiles, or compiled binaries before they are signed or published.
Root Cause
The root cause is missing path canonicalization during artifact extraction. The extraction logic concatenated archive entry names with the destination directory without verifying that the normalized path remained within the destination. This is the Zip Slip class of vulnerability documented by Snyk. The fix in pull request #1666 validates each entry path against the resolved extraction root before writing.
Attack Vector
Exploitation requires an attacker to deliver a crafted artifact that a victim workflow downloads. In public repositories, this can occur when a workflow consumes artifacts from a forked pull request or from a workflow run triggered by an untrusted contributor. Cross-repository artifact downloads via downloadArtifactPublic widen the attack surface. The vector is network-based and requires no authentication or user interaction once a vulnerable workflow is triggered. See the GitHub Security Advisory GHSA-6q32-hq47-5qq3 and Snyk Zip Slip Vulnerability Analysis for additional technical detail.
Detection Methods for CVE-2024-42471
Indicators of Compromise
- Files written outside the documented artifact extraction path on GitHub Actions runners
- Modifications to shell startup scripts, SSH authorized_keys, or build configuration files immediately following an artifact download step
- Unexpected changes to source files or lockfiles between checkout and build steps within the same workflow run
- Workflow logs containing artifact entry names with .. path segments
Detection Strategies
- Inventory all workflows and reusable actions that depend on @actions/artifact 2.x and flag versions earlier than 2.1.2
- Inspect CI/CD audit logs for artifact downloads originating from forked pull requests or untrusted workflow runs
- Run filesystem integrity checks on self-hosted runners after artifact extraction to detect writes outside the workspace
Monitoring Recommendations
- Forward GitHub Actions audit logs and runner filesystem telemetry to a centralized analytics platform for retrospective hunting
- Alert on artifact archives that contain entries with traversal sequences or absolute paths
- Monitor self-hosted runner hosts for unexpected file creation outside _work directories during workflow execution
How to Mitigate CVE-2024-42471
Immediate Actions Required
- Upgrade @actions/artifact to version 2.1.2 or later across all workflows, composite actions, and internal toolchains
- Audit package.json and package-lock.json files in private actions for transitive dependencies pinned to vulnerable 2.x releases
- Rotate any secrets exposed on self-hosted runners that processed untrusted artifacts before patching
Patch Information
GitHub fixed the issue in @actions/artifact version 2.1.2. The patch is described in GitHub Pull Request #1666 and disclosed in GitHub Security Advisory GHSA-6q32-hq47-5qq3. The fix validates extracted file paths against the destination root and rejects entries that resolve outside it.
Workarounds
- No vendor-supplied workarounds exist; upgrading to 2.1.2 or later is the only supported remediation
- As a defense-in-depth measure, isolate artifact extraction in ephemeral runners or containers so traversal writes do not persist
- Restrict workflows that download artifacts from forks using pull_request_target controls and require maintainer approval
# Upgrade the vulnerable package in a Node.js action or toolchain
npm install @actions/artifact@^2.1.2
# Verify the resolved version
npm ls @actions/artifact
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.