A researcher has revealed the details of a series of vulnerabilities that could have been exploited by an attacker to access an organization’s private pages on GitHub.
GitHub Pages is a service that individuals and organizations can use to host websites. The sites can be hosted on a custom domain or the github.io domain, and the code for the website is taken directly from a private or public GitHub repository. The pages themselves can also be private or public.
Over the weekend, researcher Robert Chen published a blog post detailing a chain of vulnerabilities he and another white hat hacker discovered last year in GitHub Pages.
The issue was reported in May 2020 and patched in June 2020. GitHub assigned the exploit a high severity rating and awarded the researchers $20,000, as well as a $15,000 bonus, which is one of the highest bug bounties awarded by the company.
According to Chen, the exploit was related to the authentication flow used for private pages and involved an uncommon type of vulnerability called Carriage Return Line Feed (CRLF) injection, which led to a cross-site scripting (XSS) attack. A cache poisoning issue could have allowed an attacker to get the XSS payload stored and delivered to users who haven’t directly interacted with it — triggering an XSS vulnerability typically requires the target to access a malicious link or page.
The attack also involved what the researcher described as “public-private pages,” which refers to public repositories that have “private” pages. This can occur when an organization has a private repository with a private page but later decides to make the repository public — the associated page remains “private,” but it’s actually public to everyone.
The researchers determined that an unprivileged attacker from outside the targeted organization could abuse such public-private pages to “compromise internal private pages’ authentication flows.” A malicious actor could have launched an XSS attack on an employee of the targeted organization and from there pivot to private pages within the organization.
In response to a Hacker News (Y Combinator) post describing Chen’s findings, the GitHub Pages team shared some information about the issues it uncovered while investigating this vulnerability report.