The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

GitHub Bug Exposed Repositories to Hijacking

October 27, 2022

Security researchers have discovered a new flaw in GitHub which they say could have enabled attackers to take control of repositories and distribute malware to dependent apps and code.

Although GitHub has now fixed the bug in its “popular repository namespace retirement” feature, the same mechanism could be targeted by threat actors in the future, Checkmarx warned. In fact, a separate vulnerability in the same feature was exploited earlier this year, enabling hackers to hijack and poison popular PHP packages with millions of downloads.

Popular repository namespace retirement was designed by GitHub to protect against so-called “repojacking.”


GitHub repositories have a unique URL tied to their creator’s user account. If users decide to rename their account, a new URL is generated and GitHub redirects visitors from the repository’s original URL.

“Repojacking is a technique to hijack renamed repository URL traffic and route it to the attacker’s repository by exploiting a logical flaw that breaks the original redirect,” explained Checkmarx.

“A GitHub repository is vulnerable to repojacking when its creator decided to rename his username while the old username is available for registration. This means attackers can create a new GitHub account having the same combination to match the old repository URL used by existing users.”

Popular repository namespace retirement was meant to put a stop to this by ensuring that any repository with more than 100 clones at the time its user account is renamed is considered “retired” and cannot be used or hijacked by others.

However, Checkmarx’s bypass of the security measure could have enabled the takeover of popular code packages in several package managers, including Packagist, Go and Swift.

“We have identified over 10,000 packages in those package managers using renamed usernames and are at risk of being vulnerable to this technique in case a new bypass is found,” the firm warned.

“In addition, exploiting this bypass can also result in a takeover of popular GitHub actions, which are also consumed by specifying a GitHub namespace. Poisoning a popular GitHub action could lead to major supply chain attacks with significant repercussions.”
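As an added example (not from the article, Checkmarx or GitHub), a defender-side audit in Python of the GitHub Actions `uses:` references a workflow consumes by namespace: it flags references resolved through a mutable tag or branch, which a hijacked namespace could serve, and owners appearing on a list of renamed usernames, while a full commit SHA pin fails closed because a repojacked repository cannot reproduce that SHA. The workflow text and the renamed-owner list are constructed sample data.

```python
import re

# Constructed sample workflow, not taken from the article.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v3
      - uses: old-owner/setup-tool@main
      - uses: some-org/lint-action@0a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.18
"""

# Hypothetical, constructed inventory of GitHub usernames known to have been
# renamed; in practice this comes from your own dependency inventory.
RENAMED_NAMESPACES = {"old-owner"}

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.M)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_uses(workflow_text):
    """Return (owner, repo, ref) for every GitHub-hosted `uses:` entry.
    Local (./...) and docker:// targets have no GitHub namespace and are skipped."""
    refs = []
    for match in USES_RE.finditer(workflow_text):
        target = match.group(1).strip("'\"")
        if target.startswith("./") or target.startswith("docker://"):
            continue
        path, _, ref = target.partition("@")
        parts = path.split("/")
        if len(parts) < 2:
            continue
        refs.append((parts[0], parts[1], ref))
    return refs


def audit(workflow_text, renamed=RENAMED_NAMESPACES):
    """Classify each reference. A full commit SHA pin cannot be satisfied by a
    repojacked namespace (the new owner cannot reproduce the SHA), so it fails
    closed; a tag or branch ref resolves to whatever the new owner pushes."""
    findings = []
    for owner, repo, ref in parse_uses(workflow_text):
        findings.append({
            "ref": f"{owner}/{repo}@{ref}",
            "pinned": bool(FULL_SHA_RE.match(ref)),
            "renamed_owner": owner in renamed,
        })
    return findings
```

Any finding with `pinned` false is a candidate for re-pinning to a commit SHA; a renamed owner combined with a mutable ref is the case the article describes.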

Mike Parkin, senior technical engineer at Vulcan Cyber, argued that the bug could have had a significant impact.

“Thousands of projects with millions of end users rely on open source libraries and code repositories, which makes the repositories a very attractive target for threat actors. If they can take control of the repository and insert malicious code into a trusted and widely used project, they can potentially infect tens of thousands to potentially millions of hosts with little additional effort,” he added.

“This is especially true for older projects that may still be widely used but are not as actively maintained, as there are fewer eyes on the code so a malicious insertion could go unnoticed.”


Some parts of this article are sourced from:
www.infosecurity-magazine.com

