Actions: improve improper access control query

Open redsun82 opened this issue 1 month ago • 0 comments

The query was firing an alert only when both unsafe conditions were met:

  • a synchronize trigger
  • a mutable reference checkout

However, both these can cause problems alone. The query has thus been changed to detect either of the two, rather than both conditions at the same time.

Closes: https://github.com/github/codeql/issues/20706

redsun82, Nov 25 '25 07:11