
Researcher Reveals VS Code Flaw That Could Expose GitHub Access Tokens Through a Single Click

A publicly disclosed security flaw affecting the browser-based version of Visual Studio Code has drawn attention from developers after a researcher demonstrated how attackers could potentially obtain GitHub authentication tokens through a single user interaction.

The issue was disclosed by security researcher Ammar Askar, who published technical details alongside proof-of-concept code showing how the vulnerability could be abused. At the time of disclosure, no CVE identifier had been assigned and Microsoft had not released an official software patch.

According to Askar's analysis, the weakness exists within github.dev, GitHub's web-based development environment that allows users to work with repositories directly from a browser using technology derived from Visual Studio Code. The attack takes advantage of the way VS Code's webview components communicate with the main editor environment.

Webviews are embedded browser windows used by extensions and web applications to display interactive content. While these components are designed to operate within restricted environments, the researcher found a method to abuse the message-passing mechanism that connects a webview to the editor interface.

The published demonstration shows how malicious JavaScript running inside a webview can trigger actions within the main editor window. By simulating keyboard input and user activity, the code can install a malicious extension without requiring the victim to manually perform the installation process.

Once deployed, the extension is capable of extracting a GitHub OAuth token that is transmitted when users access github.dev. OAuth tokens act as authorization credentials that allow applications to interact with GitHub services on behalf of authenticated users.

According to the researcher, the security concern extends beyond access to a single repository. The token passed to github.dev can inherit the permissions associated with the user's GitHub account, potentially granting access to every repository available to that account, including private projects.

Using the proof-of-concept attack, a malicious extension can retrieve the token and communicate with GitHub's API. This allows an attacker to identify repositories accessible to the compromised account and gather information about private development resources.

Askar argued that the broad permissions associated with the token significantly increase the potential impact of exploitation because access is not limited to the repository that initially triggered the github.dev session.

To reduce exposure while no official fix was available, the researcher advised users to clear cookies and locally stored site data associated with github.dev. Removing this stored data forces additional authentication checks that can help expose suspicious sign-in attempts.

After clearing the stored information, users attempting to access github.dev through a malicious link would be more likely to encounter a warning indicating that the GitHub Repositories extension is requesting authorization through GitHub. Such prompts can serve as an indication that unexpected account access is being requested.

The disclosure also highlighted ongoing tensions surrounding vulnerability reporting processes. Askar stated that GitHub was notified approximately one hour before publication of the research. He described the disclosure as a deliberate decision to release the information publicly rather than pursue a lengthy coordinated disclosure process.

The researcher cited previous interactions involving another VS Code vulnerability that he reported through Microsoft's security channels. According to his account, the issue was later addressed without attribution and was classified as having no security impact despite his concerns regarding its implications.

Askar said that experience influenced his decision to publicly disclose future VS Code security findings rather than continue working through Microsoft's reporting process.

The incident follows several other public disclosures involving Microsoft products by an independent researcher operating under the online alias "Nightmare Eclipse." Over recent months, that researcher has released details regarding multiple unpatched vulnerabilities affecting Windows and related Microsoft technologies, including flaws known as BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend.

Some of those vulnerabilities were later reported as being actively exploited, further intensifying discussions within the security community about vulnerability handling, disclosure timelines, and communication between vendors and independent researchers.

Microsoft previously responded to some of those disclosures by warning that legal action could be considered when individuals engage in activities that cause harm to customers. The company also stated that it may cooperate with law enforcement agencies when necessary.

In comments provided following the publication of the VS Code findings, Microsoft emphasized the role independent researchers play in improving product security. The company stated that it remains committed to evaluating reported issues, coordinating engineering responses, and delivering mitigations intended to protect customers.

A subsequent statement from Microsoft indicated that the issue had been mitigated within its services and that users were not required to take additional action.

Developer-focused platforms remain attractive targets because authentication tokens can provide access to source code repositories, development environments, and organizational assets. Security teams generally recommend reviewing unexpected links carefully, limiting unnecessary permissions, monitoring account activity, and using strong authentication controls to reduce the likelihood of unauthorized access.

OpenAI Codex Bug Leads to GitHub Token Breach

In March 2026, researchers from BeyondTrust showed that a crafted GitHub branch name was enough to steal Codex’s OAuth token in cleartext. OpenAI rated the issue “Critical P1”. Soon after, Anthropic’s Claude Code source code leaked into the public npm registry, and Adversa found that Claude Code silently ignored its own deny rules once a command exceeded 50 subcommands.

Malicious code in AI

These were not isolated vulnerabilities. They were the latest in a nine-month campaign: six research teams revealed exploits against Copilot, Vertex AI, Codex, and Claude Code. Every exploit followed the same pattern. An AI agent held a credential, performed an action, and authenticated to a production system without any human session supporting the request.

The attack surface was first showcased at Black Hat USA 2025, where experts hacked ChatGPT, Microsoft Copilot Studio, Gemini, Cursor and many more, on stage, with zero clicks. Nine months later, threat actors breached those same credentials.

How a branch name in Codex compromised GitHub


Researchers at BeyondTrust found that Codex cloned repositories using a GitHub OAuth token embedded in the git remote URL. During cloning, the branch name parameter let attacker-controlled data into the setup script. A backtick subshell and a semicolon turned the branch name into an exfiltration payload.
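The following Python is an added example, not code from OpenAI or BeyondTrust, showing how a clone step can refuse branch names that carry shell syntax and hand the rest to git as separate arguments instead of through a shell string. The function names, the allowlist and the sample ref names are assumptions made for illustration.

```python
import re

# Stricter than git's own ref-name rules, which accept characters such as
# ` ; $ ( ) | & that a shell treats as syntax.
SAFE_BRANCH = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,254}")
SHELL_META = set("`$;|&<>(){}'\"\\!*?[]~# \t\n")

# Constructed sample ref names (assumption, not taken from the research).
SAMPLE_REFS = ["main", "feature/login-fix", "release-1.2", "dev;`true`"]


def is_safe_branch(name):
    """True only for names that are inert in both git and a POSIX shell."""
    if not SAFE_BRANCH.fullmatch(name):
        return False
    return not (".." in name or "//" in name or name.endswith(("/", ".", ".lock")))


def suspicious_branches(names):
    """Audit helper: list (name, offending characters) for refs carrying shell syntax."""
    findings = []
    for name in names:
        bad = sorted(set(name) & SHELL_META)
        if bad:
            findings.append((name, "".join(bad)))
    return findings


def clone_argv(repo_url, branch, dest):
    """Build an argv list for subprocess.run(argv, shell=False)."""
    if not is_safe_branch(branch):
        raise ValueError(f"refusing branch name {branch!r}")
    # Each value is its own argv element, so no shell parses it, and "--"
    # stops git from reading the URL or destination as options.
    return ["git", "clone", "--single-branch", "--branch", branch, "--", repo_url, dest]


if __name__ == "__main__":
    print(suspicious_branches(SAMPLE_REFS))
    print(clone_argv("https://github.com/example/repo.git", "feature/login-fix", "work"))
```

The audit helper can be fed the ref names of an existing repository to spot branches that would be dangerous to any automation that interpolates them into a shell command.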

About the bug


The vulnerability affects the ChatGPT website, Codex CLI, Codex SDK, and the Codex IDE Extension. All reported issues have since been fixed in collaboration with OpenAI's security team.

This vulnerability allows an attacker to inject arbitrary commands through the GitHub branch name parameter, potentially leading, through automated techniques, to the theft of a victim's GitHub User Access Token, the same token Codex uses to authenticate with GitHub.

Vulnerability impact


Through automation, this vulnerability can scale to compromise many people interacting with a shared environment or GitHub repository. The Codex CLI, Codex SDK, Codex IDE Extension, and the ChatGPT website are all impacted by the vulnerability. Since then, every issue that was reported has been fixed in collaboration with OpenAI's security team.

“OpenAI Codex is a cloud-based coding agent, accessible through ChatGPT. It allows users to point the tool toward a codebase and submit tasks through a prompt. Codex then spins up a managed container instance to execute these tasks—such as generating code, answering questions about a codebase, creating pull requests, and performing code reviews against the selected repository,” said BeyondTrust.

Severe Shopify Flaw Exposed GitHub Access Token And Source Code Repositories

Computer science student Augusto Zanellato has earned a $50,000 payday following the discovery of a publicly available GitHub Personal Access Token (PAT) which gave access to the Shopify source code repositories.

Zanellato spotted the exposed GitHub token in a .env file while reviewing a public macOS Electron-based app. The vulnerability gave access to both public and private repos and admin privileges, potentially allowing a less ethically-minded individual to tamper with repositories and even plant backdoors. Although Zanellato didn’t realize it at the time, the Electron-based app was developed by a Shopify employee. 

"After finding the GitHub token inside the application I tried to use it against the GitHub API to see what token it was, whom it belongs to, what privileges it had etc. I found out that the user in question was a member of the Shopify organization and that he had push and pull access to all the private Shopify repositories," Zanellato explained.

Upon discovering the flaw, Zanellato reported the issue to Shopify via the HackerOne bug bounty program. After the initial bug report earlier this year, the Shopify team worked on a fix and remediated the issue by revoking the GitHub PAT. Given the severe impact of the flaw, Shopify labeled the bug “critical” with a severity score of 10.0.

Shopify, headquartered in Ottawa, Ontario, was founded in 2006 by Tobias Lütke, Daniel Weinand, and Scott Lake following the trio's failure to find a suitable off-the-shelf e-commerce platform for a planned snowboarding store, Snowdevil. Today the Shopify platform has more than 1.7 million customers across the globe, all of whom could have been impacted by the leaked token, had it been exploited.

“I think the most important lesson to be learned here for developers is to triple check what you are actually bundling in your release builds. Hackers on the other hand should always check what a token they found provides access to,” Zanellato said. 

“If I haven’t checked it manually with the GitHub API, I would have never discovered that the guy developing that application was a Shopify employee with read/write access to all the repositories, so I wouldn’t have ever found that issue,” Zanellato concluded.
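The advice above about checking what gets bundled into release builds can be automated as a pre-release gate. The following Python is an added example, not code from Shopify or Zanellato: it walks a packaged build directory and reports shipped `.env` files and strings matching GitHub's prefixed token formats. The function name and the reporting format are assumptions made for illustration.

```python
import os
import re

# GitHub's prefixed token formats: classic, OAuth and app tokens (ghp_, gho_,
# ghu_, ghs_, ghr_) and fine-grained personal access tokens (github_pat_).
TOKEN_RE = re.compile(rb"\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{20,})")
ENV_NAME_RE = re.compile(r"^\.env(\..+)?$")


def scan_release_dir(root):
    """Return sorted (relative_path, reason) findings for a packaged build tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root)
            if ENV_NAME_RE.match(fname):
                findings.append((rel, "dotenv file shipped in build"))
            with open(full, "rb") as fh:
                data = fh.read()
            # Electron's app.asar stores files uncompressed, so a raw byte
            # scan also sees tokens packed inside the archive.
            for match in TOKEN_RE.finditer(data):
                token = match.group(0)
                # Report only the prefix and length, never the secret itself.
                findings.append(
                    (rel, f"token-like string {token[:4].decode()}*** ({len(token)} bytes)")
                )
    return sorted(findings)


if __name__ == "__main__":
    import sys

    results = scan_release_dir(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, reason in results:
        print(f"{path}: {reason}")
    # A non-zero exit status lets a CI job block the release.
    sys.exit(1 if results else 0)
```

Tokens issued before GitHub introduced prefixed formats are plain hexadecimal strings and will not match these patterns, so the `.env` filename check remains the more general signal.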