For a few days earlier this year, rogue GitHub apps could have hijacked countless repos
A GitHub bug could have been exploited earlier this year by connected third-party apps to hijack victims’ source-code repositories. For almost a week in late February and early March, rogue applications could have generated scoped installation tokens with elevated permissions, allowing them to gain otherwise unauthorized write or administrative access to developers’ repos. For example, if an app was granted read-only access to an organization’s or individual’s code repo, the app could effortlessly escalate that to read-write access.