CVE-2026-40313
PraisonAI · PraisonAI
PraisonAI GitHub Actions workflows are vulnerable to credential leakage via the ArtiPACKED attack, allowing unauthorized access to repository secrets and supply chain compromise.
Executive summary
A critical credential leakage vulnerability in PraisonAI GitHub Actions allows attackers to steal tokens and execute a full supply chain compromise.
Vulnerability
The vulnerability stems from improper configuration of the actions/checkout step, where persist-credentials is not set to false, causing sensitive authentication tokens to be written to .git/config and subsequently leaked through build artifacts.
Business impact
The exposure of GITHUB_TOKEN and other secrets allows an attacker to perform unauthorized repository actions, including code injection, poisoning of software releases, and theft of sensitive intellectual property. Given the 9.1 CVSS score, this represents a major risk to the integrity of the software supply chain and downstream users.
Remediation
Immediate Action: Update PraisonAI to version 4.5.140 and ensure all GitHub Actions workflows set persist-credentials: false in actions/checkout steps.
Proactive Monitoring: Audit existing repository secrets and rotate all tokens that were potentially exposed within artifacts generated by affected workflow versions.
Compensating Controls: Implement strict artifact access controls and scan build outputs for leaked credentials using automated secret scanning tools.
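One way to run the Immediate Action check across workflow files, as an added example (not PraisonAI's code or part of the advisory): a line-based scan that reports every actions/checkout step that does not explicitly set persist-credentials: false. The function name and the sample workflow are constructed for illustration, and the scan approximates YAML structure by indentation rather than parsing it.

```python
import re

STEP_START = re.compile(r"^\s*-\s+(.*)$")
CHECKOUT = re.compile(r"^uses:\s*['\"]?(actions/checkout@[^\s'\"#]+)", re.I)
PERSIST_FALSE = re.compile(r"^persist-credentials:\s*['\"]?false['\"]?\s*(#.*)?$", re.I)

def find_unsafe_checkouts(workflow_text):
    """Return [(line_no, uses_ref)] for checkout steps lacking persist-credentials: false."""
    findings, step = [], None
    def close(s):
        # Record the step only if it is a checkout and was never marked safe.
        if s and s["uses"] and not s["safe"]:
            findings.append((s["line"], s["uses"]))

    for no, raw in enumerate(workflow_text.splitlines(), 1):
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        m = STEP_START.match(raw)
        if step is not None and indent <= step["indent"]:
            close(step)  # a sibling list item or a dedent ends the current step
            step = None
        if step is None:
            if not m:
                continue
            step = {"indent": indent, "line": no, "uses": None, "safe": False}
            body = m.group(1).strip()
        u = CHECKOUT.match(body)
        if u:
            step["uses"], step["line"] = u.group(1), no
        elif PERSIST_FALSE.match(body):
            # Only a literal false counts; expressions and true are reported.
            step["safe"] = True
    close(step)
    return findings

# Constructed sample workflow (not taken from the PraisonAI repository).
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/upload-artifact@v4
        with:
          path: .
"""
```

Run it over each file under .github/workflows/ and fix every reported step; a finding's line number points at the uses: line of the checkout step.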
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Organizations using PraisonAI must treat this as a high-priority supply chain security incident. Updating the software is mandatory, but security teams must also assume that any credentials used in previous CI/CD runs are compromised and initiate a full rotation of those secrets.