GitHub Vulnerability Let Attackers Hijack Thousands of Repositories


Researchers have uncovered a novel GitHub vulnerability that could let an attacker exploit a race condition between GitHub's repository creation and username renaming operations.

The method enables a Repojacking attack. Successful exploitation would affect the open-source community by allowing the hijacking of over 4,000 code packages in languages such as Go, PHP, and Swift, as well as GitHub Actions.

“This finding marks the fourth time a unique method was identified that could potentially bypass GitHub’s ‘Popular repository namespace retirement’ mechanism,” Checkmarx reports. The issue was reported to GitHub and has since been resolved.

How Does An Attacker Take Control Of A Github Repository?

Using the Repojacking approach, an attacker may take over a GitHub repository by exploiting a logic flaw that affects renamed users.

On GitHub, the hacker takes control of a legitimate and frequently used namespace. A namespace is created by combining the username and repository name.


When the original username is modified using GitHub’s “user rename” option, a namespace becomes potentially susceptible to Repojacking.

Changing a username is quick and simple; GitHub displays a warning making clear that all traffic to the old repository URLs will be redirected to the new ones.

A crucial impact is mentioned in GitHub’s documentation for this feature: “After changing your username, your old username becomes available for anyone else to claim.”

“Once the username is renamed, an attacker can claim the old username, open a repo under the matching repo name, and hijack the namespace,” researchers said.

Furthermore, exploiting this bypass could lead to the takeover of popular GitHub Actions, which are likewise consumed by referencing a GitHub namespace.

Poisoning a popular GitHub Action could enable large-scale supply chain attacks with far-reaching effects.

Impact of this attack

According to a recent Aqua study, even big businesses like Google and Lyft were susceptible to this kind of attack. This emphasizes how serious the vulnerability is because it may affect some of the largest names in the IT sector, who have already taken swift action to reduce the risks after being informed.

Mitigation

A protective feature called “popular repository namespace retirement” was implemented by GitHub to reduce this potentially dangerous behavior. 

Under this policy, any repository with more than 100 clones at the time its owner's username is changed is deemed “retired” and cannot be claimed by other users.

To reduce the attack surface, avoid using retired namespaces. You should also ensure that your code has no dependencies pointing to a GitHub repository that is susceptible to Repojacking.
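One way to act on that last recommendation is to audit a project's dependencies for GitHub namespaces that now redirect to a renamed owner or no longer exist. The script below is an added example, not code from the article or from Checkmarx; it parses a `go.mod` file (the sample content and its owner and repository names are constructed placeholders) and checks each `github.com/<owner>/<repo>` against GitHub's redirect behaviour, with the HTTP fetch pluggable so it can run offline.

```python
"""Audit go.mod dependencies for GitHub namespaces exposed to Repojacking."""
import re
import urllib.error
import urllib.request
from typing import Callable, Optional

# Matches "github.com/<owner>/<repo>[/subpath] vX.Y.Z" require lines.
GITHUB_MOD = re.compile(
    r"^\s*(github\.com/([\w.-]+)/([\w.-]+))(?:/\S*)?\s+v\S+", re.M)

# Constructed sample go.mod; the owners and repos are placeholders, not real projects.
SAMPLE_GO_MOD = """require (
\tgithub.com/old-owner/widgets v1.2.3
\tgithub.com/stable-org/lib/v2 v2.0.1
\tgolang.org/x/text v0.14.0
)
"""

def github_namespaces(go_mod: str) -> list[tuple[str, str, str]]:
    """Return (module path, owner, repo) for every github.com requirement."""
    return [m.group(1, 2, 3) for m in GITHUB_MOD.finditer(go_mod)]

def classify(status: int, location: Optional[str], owner: str) -> str:
    """Verdict for the response to https://github.com/<owner>/<repo>: a 301 to a
    different owner means the namespace was renamed (claimable unless retired),
    a 404 means nobody currently owns it."""
    if status == 200:
        return "ok"
    if status in (301, 302) and location:
        new_owner = location.rstrip("/").split("/")[-2]
        return "ok" if new_owner.lower() == owner.lower() else "redirected"
    return "missing" if status == 404 else "unknown"

def http_head(url: str) -> tuple[int, Optional[str]]:
    """HEAD request that does not follow redirects, so Location stays visible."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None
    try:
        with urllib.request.build_opener(NoRedirect).open(
                urllib.request.Request(url, method="HEAD")) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def audit(go_mod: str, fetch: Callable[[str], tuple[int, Optional[str]]] = http_head
          ) -> list[tuple[str, str]]:
    """(module path, verdict) per GitHub dependency; pass a fake fetch to run offline."""
    return [(mod, classify(*fetch(f"https://github.com/{owner}/{repo}"), owner))
            for mod, owner, repo in github_namespaces(go_mod)]
```

A "redirected" verdict means the dependency still resolves today but only through GitHub's rename redirect, so the old username is the namespace to verify against the retirement rule; "missing" means the namespace is currently unowned and the dependency should be repointed before anyone else claims it.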
