high

Repo swatting attack deletes/blocks GitHub and GitLab accounts

Published Fri, Nov 1st, 2024

Platforms

GitHub, GitLab

Summary

A technique called "repo swatting" allows attackers to get GitHub accounts deleted and GitLab accounts blocked by exploiting file upload features and abuse reporting mechanisms. Attackers upload malicious files to a target's repository, then report the account for hosting malicious content, potentially resulting in account deletion. The vulnerability was partially mitigated by October 2024 through changes to upload URL paths and a requirement that each uploader be authenticated (in GitHub).

Affected Services

N/A

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/sshayb

Entry Status

Finalized

Disclosure Date

Fri, Nov 1st, 2024

Exploitability Period

Ongoing, partially mitigated in October 2024

Known ITW Exploitation

-

Detection Methods

Monitor repositories for unexpected file uploads, especially executables or suspicious file types. Regularly review repository contents and activity logs for any anomalies or unauthorized changes.

Piercing Index Rating

-

Discovered by

Paul McCarty, SourceCodeRed