VDB

GCVE-110-OSM-2026-5145

GCVE-110-OSM-2026-5145
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 1, 2026
Compromised release of the legitimate @redhat-cloud-services/javascript-clients-shared npm package. Malicious versions 2.0.8, 2.0.9, 2.0.11 were published from Red Hat's compromised GitHub Actions OIDC pipeline and carry a preinstall credential-harvesting implant that steals cloud, CI/CD, npm/PyPI, SSH and GPG secrets — including live secrets read from the Runner.Worker /proc memory — and exfiltrates via GitHub dead-drop C2. Part of a coordinated supply-chain compromise of 32 packages in the @redhat-cloud-services scope. === EXECUTION === Malicious payload delivered via a preinstall script in package.json that runs `node index.js` before any application code executes. The bundled index.js is ~4.2 MB (anomalous for a library) and runs automatically on `npm install`. === OBFUSCATION === Layered: ROT-21 Caesar cipher over numeric char-code arrays; AES-128-GCM (two blobs: _b Bun downloader, _p main implant); obfuscator.io with a non-standard base64 alphabet; custom "B5" cipher using PBKDF2 (200,000 iterations, SHA-256) + Fisher-Yates byte substitution. === CREDENTIAL HARVESTING === Targets GitHub Actions (GITHUB_TOKEN, ACTIONS_RUNTIME_TOKEN, ACTIONS_ID_TOKEN_REQUEST_TOKEN, NPM_TOKEN), AWS (keys + ~/.aws/credentials), GCP application-default + service-account keys, Azure service principal + managed-identity tokens, HashiCorp Vault (VAULT_TOKEN/VAULT_ADDR), Kubernetes in-cluster SA token + ~/.kube/config, npm ~/.npmrc, PyPI ~/.pypirc, SSH private keys (~/.ssh/id_rsa, ~/.ssh/id_ed25519), Docker ~/.docker/config.json, GPG ~/.gnupg/, and .env files across the filesystem. Reads /proc/<pid>/mem of the Runner.Worker process to extract live secrets, and queries the GitHub Actions runtime API via ACTIONS_RUNTIME_TOKEN to identify masked secrets. Harvested npm tokens are reused with a bypass_2fa parameter to override two-factor auth. === PERSISTENCE / C2 === GitHub dead-drop C2 via the GitHub Contents API (creates refs/commits carrying base64-encoded exfil data). VS Code task injection via .vscode/tasks.json (folderOpen trigger). Claude Code hijack via ~/.claude/settings.json SessionStart hook. C2 domains remained encrypted/unrecovered at time of reporting. === DELIVERY === Compromised upstream CI/CD: affected versions were published from RedHatInsights/javascript-clients via GitHub Actions OIDC, indicating the maintainer's CI/CD pipeline was compromised (not typosquat/dependency-confusion). === IOCs === B5 cipher password: ba2c6ddb3672bdd6a611e6850b4f700b52aed3dab2f1b3d5f8c839d4a157a709 B5 cipher salt: 5b26508dc0f1075a7c0b4d8aa464487e AES-128-GCM key (_b/Bun downloader): 4c26cf9791bce1bfd4b84eba80ce2754 AES-128-GCM IV (_b): 1241582f04234f7192feacba AES-128-GCM key (_p/main implant): ec514c074caf0ffdce6c66a0e95753d8 AES-128-GCM IV (_p): 1251c3b85365f9b56a956c10 Payload drop path: /tmp/p<random>.js ; Bun binary in randomly-named /tmp/ subdir Affected RedHatInsights repos (victim CI/CD): javascript-clients (#492), frontend-components (#2329), platform-frontend-ai-toolkit (#57) Sources: https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@redhat-cloud-services/javascript-clients-shared

Browse GCVE Records

71,925 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›