PT-2025-14557 · GitHub · Get-Workflow-Version-Action

Published: 2025-04-02 · Updated: 2025-04-05 · CVE-2025-31479

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: canonical/get-workflow-version-action versions prior to 1.0.1

Description: The issue concerns a GitHub composite action that may include the GITHUB_TOKEN in exception output if the get-workflow-version-action step fails. Although GitHub automatically redacts the full token value from logs, a truncated token may be displayed in plaintext, posing a risk. Anyone with read access to the repository can view these logs, and for public repositories that access is unrestricted. The window for exploitation is limited to the time between the token's appearance in the logs and the job's completion, after which the GITHUB_TOKEN is automatically revoked.

Recommendations: For versions prior to 1.0.1, update to version 1.0.1 to resolve the issue. As a temporary workaround, consider restricting access to GitHub Actions logs to minimize the risk of token exposure.
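The failure mode described above, as an added worked example (this is not code from the advisory or from the canonical/get-workflow-version-action project): GitHub's built-in masking replaces only exact, full occurrences of a registered secret, so a token that an exception message has already truncated slips past it. The script models that redaction, shows the fragment surviving, and then runs a defender-side scan that flags and masks token-like runs in Actions log output. The `ghs_` prefix for installation tokens, the `***` masking model, the minimum fragment length and all sample lines are assumptions constructed for the example, not facts taken from the advisory.

```python
"""Added example: why a truncated GITHUB_TOKEN survives log redaction, and a
log-review check that catches token fragments. Not part of the advisory or of
the canonical/get-workflow-version-action project; every value below is
constructed for illustration."""
import re

MASK = "***"

# Constructed sample token: 'ghs_' (assumed prefix of GitHub installation
# tokens) plus 36 characters. Not a real credential.
CONSTRUCTED_TOKEN = "ghs_" + "A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8"

# Constructed log lines. Line 1 models the advisory's failure mode: an
# exception message that embeds only the first 20 characters of the token.
# Line 2 models a line that contains the full token value.
CONSTRUCTED_LOG = [
    "Run canonical/get-workflow-version-action (constructed step header)",
    f"Error: request failed for token {CONSTRUCTED_TOKEN[:20]}... (HTTP 403)",
    f"debug: Authorization: Bearer {CONSTRUCTED_TOKEN}",
    "Post job cleanup.",
]


def redact_full_secret(line: str, secret: str) -> str:
    """Model (assumed) of built-in masking: only an exact, full-value match
    of the registered secret is replaced; substrings are left untouched."""
    return line.replace(secret, MASK)


# Defensive fragment detector: a GitHub token prefix (assumed set of
# ghp_/gho_/ghu_/ghs_/ghr_) followed by at least 8 token characters. The
# length threshold is an assumption chosen to keep noise down.
TOKEN_FRAGMENT_RE = re.compile(r"\bgh[pousr]_[A-Za-z0-9]{8,}")


def find_token_fragments(lines):
    """Return (line_index, fragment) for every token-like run in the lines,
    whether the run is a full token or a truncated one."""
    hits = []
    for i, line in enumerate(lines):
        for m in TOKEN_FRAGMENT_RE.finditer(line):
            hits.append((i, m.group(0)))
    return hits


def mask_fragments(lines):
    """Post-process log output so that any token-like run, not only the
    exact full value, is replaced by the mask."""
    return [TOKEN_FRAGMENT_RE.sub(MASK, line) for line in lines]


def demo():
    """Run the whole flow over the constructed log and return
    (what built-in redaction leaves, fragments found, fully masked lines)."""
    redacted = [redact_full_secret(line, CONSTRUCTED_TOKEN) for line in CONSTRUCTED_LOG]
    leaks = find_token_fragments(redacted)
    return redacted, leaks, mask_fragments(redacted)


if __name__ == "__main__":
    after_builtin, leaks, hardened = demo()
    print("after built-in redaction:", after_builtin)
    print("surviving fragments:", leaks)
    print("after fragment masking:", hardened)
```

Running it shows the full-token line collapsing to `***` while the truncated copy in the exception message survives built-in redaction and is only caught by the fragment scan. The scan is a review aid for logs that have already been written; the fix on the page remains updating the action to 1.0.1 and, until then, limiting who can read the workflow logs. Action authors can also register any derived or partial values they print with the `::add-mask::` workflow command so that the runner masks them too.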

Exploit

Fix

Weakness Enumeration

Insertion into Log File

Related Identifiers

BDU:2026-00988
CVE-2025-31479
GHSA-26WH-CC3R-W6PJ

Affected Products

Get-Workflow-Version-Action