In January 2025, a potential supply chain attack on GitHub CodeQL was uncovered. It relied on a secret that was publicly exposed for only 1.022 seconds at a time. That exposure was enough to let an attacker execute code in the GitHub Actions workflows of most repositories using CodeQL, affecting both public GitHub and GitHub Enterprise. Such an attacker could compromise intellectual property, steal credentials, execute code on internal infrastructure, and compromise GitHub Actions secrets. The vulnerability, tracked as CVE-2025-24362, was disclosed responsibly to GitHub, which remediated it rapidly. The incident highlights the need for awareness and understanding of this class of vulnerability in the DevOps and security communities.
https://www.praetorian.com/blog/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/