Focusing on source code security and collecting the latest news from China and abroad!
Compiled by: Code Guard
A now-patched vulnerability in GitHub exposed thousands of repositories to repojacking (repository hijacking) attacks.
Elad Rapoport, a security researcher at Checkmarx, said in a technical report that the vulnerability "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations." "Successful exploitation of this vulnerability could have led to the hijacking of more than 4,000 code packages in languages such as Go, PHP and Swift, as well as GitHub Actions."
GitHub fixed the issue on September 1 after receiving responsible disclosure on March 1, 2023.
Repojacking, or repository hijacking, means that a threat actor is able to bypass a protection called "popular repository namespace retirement" and ultimately take control of a repository. The purpose of this defensive measure is to prevent other users from re-creating a repository whose combination of username and repository name had more than 100 clones at the time the owning user account was renamed; that username/repository pair is considered "retired". If the mechanism can be bypassed, a threat actor can create an account with the old username and upload a malicious repository under the retired name, turning every build or import that still points at the old path into a software supply chain attack.
The researchers exploited an underlying race between repository creation and username changes to achieve the repository hijack. The specific steps are as follows:
1. The victim owns the namespace "victim_user/repo".
2. The victim renames "victim_user" to "renamed_user".
3. The "victim_user/repo" namespace is retired.
4. The threat actor, who owns "attacker_user", creates a repository named "repo" and at the same time changes the username "attacker_user" to "victim_user".
The last step is accomplished by intercepting the API request for repository creation and the request for the username change (for example with a proxy) and releasing them at nearly the same instant, so that the repository is created after the rename has already passed its retirement check but before the rename commits. Nearly nine months earlier, GitHub had fixed a similar bypass that could lead to repository hijacking attacks.
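To make the race concrete, the following toy model replays the four steps above against a hosting service that implements namespace retirement. This is an added example written for this page, not GitHub's code and not the Checkmarx proof of concept; the class, method names and the "more than 100 clones" threshold as a constant are assumptions. The vulnerable rename validates first and writes later, so a repository created in between is moved onto the retired namespace; the hardened rename repeats the check at write time under the same lock that repository creation takes, so the same interleaving is refused.

```python
import threading


class RetiredNamespaceError(Exception):
    """The owner/name pair is protected by popular repository namespace retirement."""


class GitService:
    """Minimal model of a hosting service with namespace retirement (constructed example)."""

    POPULAR_CLONES = 100  # assumed threshold: retire on rename if cloned more than 100 times

    def __init__(self):
        self.repos = set()        # live "owner/name" keys
        self.retired = set()      # "owner/name" keys that nobody may re-create
        self.clone_counts = {}    # "owner/name" -> clone count
        self.lock = threading.Lock()

    def create_repo(self, owner, name):
        key = f"{owner}/{name}"
        with self.lock:
            if key in self.retired:          # direct re-creation of a retired name is refused
                raise RetiredNamespaceError(key)
            self.repos.add(key)

    def _owned_by(self, owner):
        return sorted(r for r in self.repos if r.startswith(owner + "/"))

    def _retire_popular(self, owner):
        for r in self._owned_by(owner):
            if self.clone_counts.get(r, 0) > self.POPULAR_CLONES:
                self.retired.add(r)

    def _check_rename(self, old, new):
        """Reject the rename if any repo currently owned by `old` would land on a retired key."""
        for r in self._owned_by(old):
            target = new + r[len(old):]
            if target in self.retired:
                raise RetiredNamespaceError(target)

    def rename_user_racy(self, old, new, interleave=None):
        """Vulnerable pattern: check once, then commit later without re-checking."""
        self._retire_popular(old)
        self._check_rename(old, new)         # time of check: attacker owns nothing yet
        if interleave:
            interleave()                     # a concurrent create-repo request lands here
        for r in self._owned_by(old):        # time of use: also moves repos created after the check
            self.repos.remove(r)
            self.repos.add(new + r[len(old):])

    def rename_user_safe(self, old, new, interleave=None):
        """Hardened pattern: re-validate the exact set being moved, under the repo-store lock."""
        self._retire_popular(old)
        self._check_rename(old, new)
        if interleave:
            interleave()
        with self.lock:                      # create_repo takes the same lock, so no write sneaks in
            self._check_rename(old, new)
            for r in self._owned_by(old):
                self.repos.remove(r)
                self.repos.add(new + r[len(old):])


def run_attack(rename):
    """Replay the four steps from the write-up against one rename implementation.

    Returns True if "victim_user/repo" ends up owned by the attacker (hijacked).
    """
    svc = GitService()
    svc.create_repo("victim_user", "repo")                 # 1. victim owns victim_user/repo
    svc.clone_counts["victim_user/repo"] = 500             # constructed: popular enough to retire
    rename(svc, "victim_user", "renamed_user")             # 2./3. rename retires victim_user/repo
    assert "victim_user/repo" in svc.retired
    try:
        svc.create_repo("victim_user", "repo")             # the obvious route is blocked
    except RetiredNamespaceError:
        pass
    try:                                                   # 4. create attacker_user/repo inside the window
        rename(svc, "attacker_user", "victim_user",
               interleave=lambda: svc.create_repo("attacker_user", "repo"))
    except RetiredNamespaceError:
        pass
    return "victim_user/repo" in svc.repos


if __name__ == "__main__":
    print("racy rename hijacked:", run_attack(GitService.rename_user_racy))   # True
    print("safe rename hijacked:", run_attack(GitService.rename_user_safe))   # False
```

The `interleave` hook stands in for the second HTTP request that the real attack releases from a proxy during the rename; in production the two requests hit different worker processes, so the "lock" would be a database transaction or a uniqueness constraint that includes the retired-namespace table, not an in-process mutex. The property worth checking in your own systems is the same either way: the retirement check must run against the state that is actually written, not against a snapshot taken earlier.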
"The discovery of this novel vulnerability in GitHub's repository creation and username renaming operations underlines the persistent risks associated with the 'popular repository namespace retirement' mechanism," the researchers noted.
Code Guard trial address: https://codesafe.qianxin.com
Open source guard trial address: https://oss.qianxin.com
Original link: https://thehackernews.com/2023/09/critical-github-vulnerability-exposes.html
This article was compiled by Qi Anxin and does not represent the views of Qi Anxin. Please indicate "Reprinted from Qianxin Code Guard https://codesafe.qianxin.com" when reprinting.