GitHub repositories at risk of hacks due to a vulnerability

November 7, 2022
Tags: GitHub Repositories, Digital Risk, Hacking, Vulnerability, Brand Abuse

A new GitHub vulnerability was found recently that allowed threat actors to take over users’ repositories and spread malware through the applications and code that depend on them. While the flaw in GitHub’s ‘popular repository namespace retirement’ feature has already been patched, experts warn that the same mechanism could be bypassed again in the future.

Affected GitHub repositories are exposed to an attack called ‘Repo Jacking’, in which threat actors hijack traffic to a renamed repository’s old URL and redirect it to an attacker-controlled repository by abusing a logic bug that breaks the original redirect.


GitHub created the popular repository namespace retirement feature specifically to protect repositories against Repo Jacking attacks.


Every GitHub repository has a unique URL tied to the creator’s user account. If a repository is renamed, the platform generates a new URL for it and redirects traffic from the repository’s original URL to the new one.

Users who rename their repository become vulnerable to Repo Jacking, especially if the old username is still available for registration. An attacker exploits this by registering a new GitHub account under the old username and creating a repository with the same name, so that the old repository URL now points at attacker-controlled content.

GitHub’s popular repository namespace retirement feature is meant to remove this risk. It ensures that any GitHub repository with over 100 clones at the time its user account is renamed is tagged as ‘retired’, so that threat actors cannot re-register the namespace and hijack it.
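The rename-and-redirect mechanism described above is also the signal a defender can look for: any dependency that still references a repository by its pre-rename name is reachable only through GitHub’s redirect, and retirement only covers repositories with over 100 clones. The following audit is an added example, not code from the article or from GitHub; `resolve_repo` and `login_taken` stand in for calls to the GitHub REST API (`GET /repos/{owner}/{repo}`, which reports the canonical `full_name` after a rename, and `GET /users/{login}`) and here read constructed fixtures so the example runs offline.

```python
import re

# Constructed fixture standing in for GET /repos/{owner}/{repo}: the canonical
# full_name GitHub would report after following a rename redirect
# (None = the reference no longer resolves at all).
REDIRECTS = {
    "acme/build-action": "acme-corp/build-action",  # owner renamed
    "carol/lib": "carol-org/lib",                    # owner renamed
    "alice/widget": "alice/widget",                  # unchanged
    "bob/tool": None,                                # gone
}
# Constructed fixture standing in for GET /users/{login}: logins in use.
REGISTERED_LOGINS = {"acme-corp", "carol-org", "carol", "alice"}
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def resolve_repo(ref):
    return REDIRECTS.get(ref)


def login_taken(login):
    return login in REGISTERED_LOGINS


def audit(ref_with_version):
    """Classify one `owner/repo@version` reference.

    Returns (ref, canonical_name, risk, sha_pinned).
    """
    ref, _, version = ref_with_version.partition("@")
    old_owner = ref.split("/")[0]
    canonical = resolve_repo(ref)
    if canonical is None:
        risk = "unresolvable"               # dependency is already broken
    elif canonical == ref:
        risk = "ok"                         # no redirect involved
    elif login_taken(old_owner):
        risk = "redirect-namespace-held"    # reachable only via redirect; verify who holds the old login
    else:
        risk = "redirect-namespace-free"    # old login is registrable: the name can be re-claimed
    # A 40-hex commit SHA identifies content, so a re-claimed name cannot
    # silently swap in different code; tags and branches can be repointed.
    return ref, canonical, risk, bool(SHA_RE.match(version))


def audit_all(refs):
    """Return only the references that need action, worst first."""
    order = {"redirect-namespace-free": 0, "unresolvable": 1, "redirect-namespace-held": 2}
    findings = [audit(r) for r in refs]
    return sorted((f for f in findings if f[2] != "ok"), key=lambda f: order[f[2]])
```

The fix for every non-`ok` finding is the same: update the reference to the canonical name so it no longer depends on the redirect, and pin it to a commit SHA rather than a mutable tag.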

Nevertheless, security researchers stress that this protection can still be bypassed: a proof of concept showed that threat actors could take control of popular code packages in several widely used package managers, including Packagist, Go, and Swift.

The researchers warned that more than 10,000 packages hosted through these package managers are at risk of Repo Jacking should attackers find a new bypass. Successfully abusing the flaw could also let attackers take over popular GitHub Actions, which are likewise consumed by referencing a namespace.

Once a popular GitHub Action is poisoned, a supply chain attack with a significant impact is feared. The widespread use of open-source libraries and code repositories has long attracted threat actors, and a successful compromise of this kind could infect millions of hosts globally.
