PT-2022-27790 · Liuos · Liuos

Fhildfshjkdsaiojsga

Published 2022-12-28 · Updated 2023-01-13 · CVE-2022-46179

CVSS v3.1: 9.2 Critical

Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LiuOS versions 0.1.0 and prior

Description

LiuOS is a small Python project that imitates the functions of a regular operating system. The issue allows an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true, which enables them to skip authentication checks. A test script is run instead of allowing login when the variable is set to true.

Recommendations

For versions 0.1.0 and prior, a potential workaround is to check for the GITHUB_ACTIONS environment variable and set it to null to force credential checks. Update to the latest commit (c658b4f3e57258acf5f6207a90c2f2169698ae22), which requires the GITHUB_ACTIONS variable to be set to true, thus preventing attackers from skipping authentication checks.
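
The gate logic described above, modelled as an added example (it is not LiuOS source code and not part of the advisory), showing the pre-fix behaviour, the post-fix behaviour and the workaround side by side. Function names and return labels are hypothetical, and "null" is assumed to mean the variable is unset or empty.

```python
# Added example: a model of the three-way gate the advisory describes.
# Function names and return labels are hypothetical; this is not LiuOS code.

LOGIN, TESTS, UNAUTHENTICATED = "login", "test-script", "unauthenticated-session"


def vulnerable_gate(env):
    """Pre-fix behaviour as described: only unset/empty forces the credential check."""
    flag = env.get("GITHUB_ACTIONS")
    if flag == "true":
        return TESTS            # CI run: test script instead of login
    if flag is None or flag == "":
        return LOGIN            # "null" (assumed unset or empty): credential check
    return UNAUTHENTICATED      # any other value skips authentication


def patched_gate(env):
    """Post-fix behaviour as described: the CI path needs exactly "true"."""
    if env.get("GITHUB_ACTIONS") == "true":
        return TESTS
    return LOGIN                # everything else must authenticate


def scrubbed(env):
    """Workaround for 0.1.0 and prior: drop the variable before starting."""
    clean = dict(env)
    clean.pop("GITHUB_ACTIONS", None)
    return clean


def bypass_values(gate, candidates):
    """Return the candidate values for which `gate` grants a session without login."""
    return [v for v in candidates if gate({"GITHUB_ACTIONS": v}) == UNAUTHENTICATED]


# Constructed sample values, not taken from a real environment.
SAMPLES = ["", "true", "false", "True", "1", "anything"]

if __name__ == "__main__":
    print("vulnerable:", bypass_values(vulnerable_gate, SAMPLES))
    print("patched:   ", bypass_values(patched_gate, SAMPLES))
    print("workaround:", vulnerable_gate(scrubbed({"GITHUB_ACTIONS": "1"})))
```

The comparison is case-sensitive, so in this model a value such as "True" takes the unauthenticated branch before the fix and the login branch after it.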

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2022-46179
GHSA-F9X3-MJ2R-CQMF

Affected Products

Liuos