CVE-2025-30066

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-30066

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30066.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-30066

Aliases

GHSA-mrrh-fwg8-r2c3

Published

2025-03-15T06:15:12Z

Modified

2025-03-29T02:53:35.041658Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)

References

Affected packages

Git / github.com/tj-actions/changed-files

Affected ranges

Type: GIT
Repo: https://github.com/tj-actions/changed-files
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a284dc1814e3fd07f2e34267fc8f81227ed29fb8

Affected versions

Other

v10

v11

v12

v16

v17

v18

v19

v20

v21

v22

v23

v24

v25

v26

v27

v28

v29

v30

v31

v32

v33

v34

v36

v37

v38

v39

v40

v41

v42

v43

v44

v45

v1.*

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

v10.*

v10.1

v11.*

v11.1

v11.2

v11.3

v11.4

v11.5

v11.6

v11.7

v11.8

v11.9

v12.*

v12.1

v12.2

v15.*

v15.1

v17.*

v17.1

v17.2

v17.3

v18.*

v18.1

v18.2

v18.3

v18.4

v18.5

v18.6

v18.7

v19.*

v19.1

v19.2

v19.3

v2.*

v2.0.0

v2.0.1

v2.1

v20.*

v20.1

v20.2

v22.*

v22.1

v22.2

v23.*

v23.1

v23.2

v24.*

v24.1

v26.*

v26.1

v28.*

v28.0.0

v29.*

v29.0.0

v29.0.1

v29.0.2

v29.0.3

v29.0.4

v29.0.5

v29.0.6

v29.0.7

v29.0.8

v29.0.9

v3.*

v3.1

v3.2

v3.3

v30.*

v30.0.0

v31.*

v31.0.0

v31.0.1

v31.0.2

v31.0.3

v32.*

v32.0.0

v32.0.1

v32.1.0

v32.1.1

v32.1.2

v33.*

v33.0.0

v34.*

v34.0.0

v34.0.1

v34.0.2

v34.0.3

v34.0.4

v34.0.5

v34.1.1

v34.2.0

v34.2.1

v34.2.2

v34.3.0

v34.3.1

v34.3.2

v34.3.3

v34.3.4

v34.4.0

v34.4.1

v34.4.2

v34.4.3

v34.4.4

v34.5.0

v34.5.1

v34.5.2

v34.5.3

v34.5.4

v34.6.0

v34.6.1

v34.6.2

v35.*

v35.0.0

v35.0.1

v35.1.0

v35.1.1

v35.1.2

v35.2.0

v35.2.1

v35.3.0

v35.3.1

v35.3.2

v35.4.0

v35.4.1

v35.4.2

v35.4.3

v35.4.4

v35.5.0

v35.5.1

v35.5.2

v35.5.3

v35.5.4

v35.5.5

v35.5.6

v35.6.0

v35.6.1

v35.6.2

v35.6.3

v35.6.4

v35.7.0

v35.7.0-sec

v35.7.1

v35.7.10

v35.7.11

v35.7.12

v35.7.2

v35.7.3

v35.7.4

v35.7.5

v35.7.6

v35.7.7

v35.7.8

v35.7.9

v35.8.0

v35.9.0

v35.9.1

v35.9.2

v36.*

v36.0.0

v36.0.1

v36.0.10

v36.0.11

v36.0.12

v36.0.13

v36.0.14

v36.0.15

v36.0.16

v36.0.17

v36.0.18

v36.0.2

v36.0.3

v36.0.4

v36.0.5

v36.0.6

v36.0.7

v36.0.8

v36.0.9

v36.1.0

v36.2.0

v36.2.1

v36.3.0

v36.4.0

v36.4.1

v36.4.2

v37.*

v37.0.0

v37.0.1

v37.0.2

v37.0.3

v37.0.4

v37.0.5

v37.1.0

v37.1.1

v37.1.2

v37.2.0

v37.3.0

v37.4.0

v37.5.0

v37.5.1

v37.5.2

v37.6.0

v37.6.1

v38.*

v38.0.0

v38.1.0

v38.1.1

v38.1.2

v38.1.3

v38.2.0

v38.2.1

v38.2.2

v39.*

v39.0.0

v39.0.1

v39.0.2

v39.0.3

v39.1.0

v39.1.1

v39.1.2

v39.2.0

v39.2.1

v39.2.2

v39.2.3

v39.2.4

v4.*

v4.1

v4.2

v4.3

v4.4

v40.*

v40.0.0

v40.0.1

v40.0.2

v40.1.0

v40.1.1

v40.2.0

v40.2.1

v40.2.2

v40.2.3

v41.*

v41.0.0

v41.0.1

v41.1.0

v41.1.1

v41.1.2

v42.*

v42.0.0

v42.0.1

v42.0.2

v42.0.3

v42.0.4

v42.0.5

v42.0.6

v42.0.7

v42.1.0

v43.*

v43.0.0

v43.0.1

v44.*

v44.0.0

v44.0.1

v44.1.0

v44.2.0

v44.3.0

v44.4.0

v44.5.0

v44.5.1

v44.5.2

v44.5.3

v44.5.4

v44.5.5

v44.5.6

v44.5.7

v45.*

v45.0.0

v45.0.1

v45.0.2

v45.0.3

v45.0.4

v45.0.5

v45.0.6

v45.0.7

v45.0.8

v45.0.9

v5.*

v5.1

v5.2

v5.3

v6.*

v6.1

v6.2

v6.3

v8.*

v8.1

v8.2

v8.3

v8.4

v8.5

v8.6

v8.7

v8.8

v8.9

v9.*

v9.1

v9.2

v9.3