CVE-2025-30066 on 办公AI智能小助手 https://blog.qife122.com/tags/cve-2025-30066/ Recent content in CVE-2025-30066 on 办公AI智能小助手 Hugo zh-cn qife Sun, 07 Dec 2025 11:51:17 +0800 GitHub Actions安全预警:tj-actions/changed-files供应链攻击导致CI/CD密钥泄露 https://blog.qife122.com/p/github-actions%E5%AE%89%E5%85%A8%E9%A2%84%E8%AD%A6tj-actions/changed-files%E4%BE%9B%E5%BA%94%E9%93%BE%E6%94%BB%E5%87%BB%E5%AF%BC%E8%87%B4ci/cd%E5%AF%86%E9%92%A5%E6%B3%84%E9%9C%B2/ Sun, 07 Dec 2025 11:51:17 +0800 https://blog.qife122.com/p/github-actions%E5%AE%89%E5%85%A8%E9%A2%84%E8%AD%A6tj-actions/changed-files%E4%BE%9B%E5%BA%94%E9%93%BE%E6%94%BB%E5%87%BB%E5%AF%BC%E8%87%B4ci/cd%E5%AF%86%E9%92%A5%E6%B3%84%E9%9C%B2/ <h2 id="漏洞概述">漏洞概述</h2> <p><strong>CVE-2025-30066</strong> 是一个影响 <code>tj-actions/changed-files</code> GitHub Action 的高危供应链攻击漏洞。该漏洞允许远程攻击者通过读取Actions日志来发现敏感密钥。受影响版本为45.0.7及之前的所有版本,已修复版本为46.0.1。</p>