Actions expression injection in `helpers/version/action.yml`
Low
Package
home-assistant/actions/helpers/version (GitHub Actions)
Affected versions
< September 5, 2023
Patched versions
September 5, 2023
Description
The GitHub Security Lab team has identified a potential security vulnerability in Home Assistant's GitHub Actions.
Summary
The home-assistant/actions helpers/version workflow is vulnerable to a command injection in GitHub Actions, potentially allowing an attacker to leak secrets and alter the repository using the workflow.
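An added example, not code from the advisory or from Home Assistant: a small Python check that lists every `${{ }}` expression expanded inside a `run:` script, which is where Actions expression injection arises because the expression is substituted into the script text before the shell runs. The sample YAML is constructed (it is not the affected `helpers/version/action.yml`), and the `UNTRUSTED` prefix list and the function name are assumptions of this example.

```python
import re

EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")            # e.g. ${{ github.head_ref }}
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")   # "run:" or "- run:"
# Assumption: contexts a caller or contributor can influence (not exhaustive)
UNTRUSTED = ("github.event.", "github.head_ref", "inputs.")

# Constructed sample, not the real helpers/version/action.yml
SAMPLE = """\
runs:
  using: composite
  steps:
    - name: expression expanded into the script text (injectable)
      shell: bash
      run: |
        version="${{ github.event.release.tag_name }}"
        echo "version=$version" >> "$GITHUB_OUTPUT"
    - name: same value passed through the environment (hardened)
      shell: bash
      env:
        TAG_NAME: ${{ github.event.release.tag_name }}
      run: |
        echo "version=$TAG_NAME" >> "$GITHUB_OUTPUT"
    - shell: bash
      run: echo "${{ runner.os }}"
"""


def find_run_expressions(text):
    """Return (line_no, expression, untrusted) for each expression in a run: script."""
    findings, block_col = [], None
    for no, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if block_col is not None and line.strip() and indent <= block_col:
            block_col = None              # dedent: the block scalar has ended
        if block_col is not None:
            body = line                   # a line of a multi-line script
        else:
            m = RUN_KEY.match(line)
            if not m:
                continue                  # env:, with:, name: etc. are not shell text
            body = m.group(2)
            if body[:1] in ("|", ">"):    # script follows as a block scalar
                block_col = len(m.group(1))
                continue
        for expr in EXPR.findall(body):
            findings.append((no, expr, expr.startswith(UNTRUSTED)))
    return findings
```

On the sample, only the first step is reported as untrusted; the hardened step is not reported because its expression sits under `env:` and the script reads it as a quoted shell variable.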
Credit
This issue was discovered and reported by GHSL team members @jorgectf (Jorge) and @p- (Peter Stöckli).
GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-179