Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack

Started by Theo Gottwald, September 12, 2023, 05:25:59 PM

Theo Gottwald

Quote: A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show.

The flaw "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News.

"Successful exploitation of this vulnerability impacts the open-source community by enabling the hijacking of over 4,000 code packages in languages such as Go, PHP, and Swift, as well as GitHub actions."

Following responsible disclosure on March 1, 2023, the Microsoft-owned code hosting platform has addressed the issue as of September 1, 2023.

Zlatko Vid

I know one thing...
stupid, ugly GitHub blocked my own account >:(
because I refuse to give them my phone number
...good thing... I already deleted all my stuff from there
and moved everything to SourceForge.

Charles... please
update your SourceForge files

Charles Pegge

OK Aurel, yes, I've updated SourceForge, and I have FTP access to the website this time. Can edit pages directly on-site with Notepad :)

Zlatko Vid