Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required-reviews mechanism and push non-reviewed code to a protected branch. GitHub Actions is enabled by default on every GitHub organization and on all of its repositories. The issue is not yet fixed: GitHub acknowledged the report through GitHub's bug bounty program on Sept. 15 and said the same day that they'll work on fixing it. A spokesperson for GitHub was not immediately available to share additional details.
Source: https://www.cuinfosecurity.com/flaws-in-github-actions-bypass-code-review-mechanism-a-17733

