Expert Hacks Private Repositories on GitHub by Combining 5 Low-Severity Bugs

GitHub's bug bounty program appears to be a success

Now that GitHub has launched a bug bounty program, many security researchers are taking a crack at the code repository. One of them is Egor Homakov, who has managed to gain access to private GitHub repositories by using a combination of 5 low-severity flaws.

Individually, none of the 5 vulnerabilities can be exploited to cause much damage, but when combined, they result in a high-severity exploit.

GitHub fixed the vulnerabilities shortly after they were reported by the security expert. Homakov has been rewarded with $4,000 (€2,935), which is the highest payment made by GitHub so far.

The security holes, as described by GitHub, are an OAuth partial open redirect, a Gist Camo bypass that allows referer leakage, abuse of markdown caching to bypass the noreferrer rel attribute on private Gist links, a Gist OAuth token stored in a CookieSession session, and automatic approval of arbitrary OAuth scope for Gist.

Additional technical details are available on Homakov’s blog and on Reddit.

