How I Hacked Your Private Repository in GitHub (And Got JackShit)
April 12, 2024, 3:34 a.m. | Reuvein Vinokurov (CTO:UNIXi) - https://unixi.io/
InfoSec Write-ups - Medium infosecwriteups.com
TLDR: During my work with a third-party app integrating with GitHub, I discovered a critical vulnerability in the GitHub App installation flow leading to repository takeover. This vulnerability allows an attacker to hijack the integration process and gain unauthorized access to arbitrary private repositories, posing a significant security risk.
After reporting this security vulnerability to GitHub, I got back a statement that it is an “intentional design decision”.
Introduction
GitHub Apps, also …