Applies to BloodHound Enterprise and CE

Edge Schema

General Information

The traversable GH_CanPwnRequest edge indicates that a repository role can exploit a pwn-requestable workflow, by opening a pull request from a fork, to execute arbitrary code with the base branch’s secrets, GITHUB_TOKEN permissions, and OIDC identity. This is a computed edge that combines workflow analysis with repository access and fork policy evaluation.

Pwn Request Conditions

A workflow is considered pwn-requestable (is_pwn_requestable = true) when all of the following are true:
  1. pull_request_target trigger: The workflow is triggered by pull_request_target, which runs in the context of the base branch and has access to the base branch’s secrets and permissions.
  2. Attacker-controlled checkout: A step uses actions/checkout with a ref parameter pointing to the pull request head, meaning attacker-supplied code from the fork replaces the trusted repository contents. Detected ref patterns:
    • ${{ github.event.pull_request.head.sha }}
    • ${{ github.event.pull_request.head.ref }}
    • ${{ github.head_ref }}

Edge Drawing Conditions

An edge is drawn from a GH_RepoRole to the repository and its branches when:
  1. Read access: The role has a GH_ReadRepoContents edge to the repository.
  2. Forkability: The repository can be forked by the role holder.
  3. Pwn-requestable workflow: The repository has at least one workflow with is_pwn_requestable = true.
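The two Pwn Request Conditions and the three Edge Drawing Conditions above, implemented as an added Python example; this is illustration code, not BloodHound's own analysis. Workflows are given in the form PyYAML's safe_load would produce from a .github/workflows file (so a bare `on` key may appear as the boolean True), and the repositories, roles, branches and workflow contents are constructed sample data. The Repo class, the (role, repo) read-edge pairs and the edge tuple format are assumptions for the example, not BloodHound's schema.

```python
"""Detect pwn-requestable workflows and derive GH_CanPwnRequest edges.

Added illustration, not BloodHound code. Workflows are the dicts PyYAML's
safe_load yields for a workflow file; Repo/edge shapes are assumed here.
"""
import re
from dataclasses import dataclass

# Expressions that resolve to the pull request head: attacker-controlled on a fork PR
PWN_HEAD_REFS = frozenset({
    "github.event.pull_request.head.sha",
    "github.event.pull_request.head.ref",
    "github.head_ref",
})
# A GitHub Actions expression ${{ ... }}, tolerating any inner whitespace
_EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")


def workflow_triggers(workflow):
    """Event names the workflow runs on. `on:` may be a string, a list or a
    mapping of event -> filters; PyYAML parses the bare key `on` as True."""
    on_value = workflow.get("on", workflow.get(True))
    if isinstance(on_value, str):
        return {on_value}
    if isinstance(on_value, (list, dict)):
        return set(on_value)
    return set()


def step_checks_out_pr_head(step):
    """Condition 2: actions/checkout with `ref` pointing at the PR head."""
    uses = step.get("uses") or ""
    if not uses.startswith("actions/checkout@"):
        return False
    ref = (step.get("with") or {}).get("ref")
    if not isinstance(ref, str):
        return False
    return any(expr in PWN_HEAD_REFS for expr in _EXPR.findall(ref))


def is_pwn_requestable(workflow):
    """Condition 1 (pull_request_target trigger) AND condition 2 in any job."""
    if "pull_request_target" not in workflow_triggers(workflow):
        return False
    for job in (workflow.get("jobs") or {}).values():
        if any(step_checks_out_pr_head(s) for s in job.get("steps") or []):
            return True
    return False


@dataclass(frozen=True)
class Repo:                 # assumed shape, not BloodHound's node schema
    name: str
    forkable: bool          # fork policy lets the role holder fork the repo
    branches: tuple
    workflows: tuple        # parsed workflow dicts


def can_pwn_request_edges(read_edges, repos):
    """read_edges: (role, repo_name) pairs standing in for GH_ReadRepoContents.
    Returns (role, target) pairs: the repository and each of its branches."""
    edges = []
    for role, repo_name in read_edges:
        repo = repos[repo_name]
        if not repo.forkable:                                   # condition 2
            continue
        if not any(is_pwn_requestable(w) for w in repo.workflows):  # condition 3
            continue
        edges.append((role, repo.name))
        edges.extend((role, f"{repo.name}:{b}") for b in repo.branches)
    return edges


# ---- constructed sample data, not taken from the page ----
VULNERABLE = {            # pull_request_target + checkout of the PR head
    "name": "ci",
    True: {"pull_request_target": {"types": ["opened", "synchronize"]}},
    "permissions": {"contents": "read", "id-token": "write"},
    "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4",
         "with": {"ref": "${{github.event.pull_request.head.sha}}"}},
        {"run": "npm ci && npm test"},   # runs fork-supplied code with base secrets
    ]}},
}
BASE_CHECKOUT = {         # same trigger, but checks out the trusted base commit
    "name": "label",
    "on": ["push", "pull_request_target"],
    "jobs": {"label": {"steps": [
        {"uses": "actions/checkout@v4",
         "with": {"ref": "${{ github.event.pull_request.base.sha }}"}},
    ]}},
}
PR_TRIGGER = {            # head checkout under pull_request: not pwn-requestable
    "name": "test",
    "on": "pull_request",
    "jobs": {"test": {"steps": [
        {"uses": "actions/checkout@v4", "with": {"ref": "${{ github.head_ref }}"}},
    ]}},
}
REPOS = {
    "org/app": Repo("org/app", True, ("main", "release"), (PR_TRIGGER, VULNERABLE)),
    "org/infra": Repo("org/infra", False, ("main",), (VULNERABLE,)),  # not forkable
    "org/docs": Repo("org/docs", True, ("main",), (BASE_CHECKOUT,)),
}
READ_EDGES = [("org/app#read", "org/app"), ("org/infra#read", "org/infra"),
              ("org/docs#read", "org/docs")]

if __name__ == "__main__":
    for edge in can_pwn_request_edges(READ_EDGES, REPOS):
        print("GH_CanPwnRequest", *edge)
```

Of the three sample repositories only org/app yields edges: org/infra has the vulnerable workflow but cannot be forked, and org/docs runs on pull_request_target but checks out the trusted base SHA. Note that the detector, like the conditions above, looks only at the trigger and the checkout ref; in the vulnerable sample it is the later `npm ci && npm test` step that actually executes the fork's package scripts with the base branch's secrets.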

Attack Impact

An attacker who exploits a pwn request gains code execution in the workflow runner with access to:
  • Repository secrets scoped to the base branch
  • Organization secrets accessible by the repository
  • GITHUB_TOKEN with the workflow’s declared permissions
  • OIDC tokens if id-token: write is set, enabling cloud identity assumption via GH_CanAssumeIdentity
  • Environment secrets if the workflow job targets a deployment environment

Caveats

  • OIDC traversal requires id-token: write: The attack chain from GH_CanPwnRequest through GH_CanAssumeIdentity to a cloud role is only valid if the pwn-requestable workflow or job explicitly declares id-token: write.
  • GITHUB_TOKEN permissions: The permissions: block scopes what GITHUB_TOKEN may do and, through id-token: write, whether an OIDC token can be requested at all; it does not limit access to repository, organization, or environment secrets, nor the arbitrary code execution itself.
  • Detection surface: A workflow is flagged on the trigger and checkout ref alone; whether a later step actually executes the checked-out code (builds, test runs, dependency installs, and most linters do) is not evaluated.