all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How I Hacked Your Private Repository in GitHub (And Got JackShit)

Add to bookmarks
April 12, 2024, 3:34 a.m. | Reuvein Vinokurov (CTO:UNIXi) - https://unixi.io/

InfoSec Write-ups - Medium infosecwriteups.com

Photo by Click and Boo on Unsplash

TLDR: During my work with a third-party app integrating with GitHub, I discovered a critical vulnerability in the GitHub App installation flow leading to repository takeover. This vulnerability allows an attacker to hijack the integration process and gain unauthorized access to arbitrary private repositories, posing a significant security risk.

After reporting this security vulnerability to GitHub, I got back a statement that it is an “intentional design decision”.

Introduction

GitHub Apps, also …

bug bounty cybersecurity github microsoft security

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

JNDI Injection — The Complete Story 4 days, 13 hours ago | infosecwriteups.com
bug bounty java jndi pentesting +1
Hundreds of companies’ internal data exposed — Part 2: The FreshService misconfiguration 5 days, 13 hours ago | infosecwriteups.com
bug bounty ethical hacking hacking security +1
HacktheBox Starting Point: Explosion Walkthrough 6 days, 3 hours ago | infosecwriteups.com
cybersecurity hacking hackthebox rdp
5 Ways I Can Find Your Deleted Files as An Ethical Hacker! 6 days, 14 hours ago | infosecwriteups.com
anonymity computer forensics cybersecurity file-recovery +1
For Business Reasons | TryHackMe Write-Up 6 days, 14 hours ago | infosecwriteups.com
ctf-writeup pivoting tryhackme-walkthrough tryhackme-writeup +1
BSQL Injection Shenanigans 6 days, 14 hours ago | infosecwriteups.com
academy access back blind +13
Bypassing UAC 6 days, 14 hours ago | infosecwriteups.com
account administrator bypass bypassing +15
My LLM Bug Bounty Journey on Hugging Face Hub via Protect AI 6 days, 14 hours ago | infosecwriteups.com
ai security black hat bounty bug +11
Hacking into 30+ tesla cars around the world using a third party software 6 days, 14 hours ago | infosecwriteups.com
automobile-industry security tesla-motors

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Senior - Penetration Tester

@ Deloitte | Madrid, España
View on infosec-jobs.com

Associate Cyber Incident Responder

@ Highmark Health | PA, Working at Home - Pennsylvania
View on infosec-jobs.com

Senior Insider Threat Analyst

@ IT Concepts Inc. | Woodlawn, Maryland, United States
View on infosec-jobs.com