diff --git a/.github/workflows/bootstrap.yml b/.github/workflows/bootstrap.yml
index 816940136a..b0885e1ab3 100644
--- a/.github/workflows/bootstrap.yml
+++ b/.github/workflows/bootstrap.yml
@@ -31,6 +31,12 @@ jobs:
               bzip2 curl file gcc-c++ gcc gcc-gfortran git gnupg2 gzip \
               make patch unzip which xz python3 python3-devel tree \
               cmake bison bison-devel libstdc++-static
+      - name: Work around CVE-2022-24765
+        run: |
+          # See:
+          # - https://github.blog/2022-04-12-git-security-vulnerability-announced/
+          # - https://github.com/actions/checkout/issues/760
+          git config --global --add safe.directory /__w/spack/spack
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # @v2
       - name: Setup repo and non-root user
         run: |