TechThe Next Web2 days ago

GitHub.dev Shares OAuth Token on One Click

1 min read

GitHub.dev passes full OAuth access to all user repositories upon one click. A malicious Jupyter Notebook triggers a webview to install a rogue extension and exfiltrate the token. The token grants read and write access to private repositories. Microsoft confirms the flaw and is working on a fix. The vulnerability affects only GitHub.dev, not VS Code Desktop.

Level

Hype check

Tap to vote and see what everyone thinks.

#github #security #vscode

Read full story

More to chew on!

Security2 days ago

VS Code Vulnerability Allows One-Click GitHub Token Theft

Mobile4 days ago

One Line of Code Exposed Billions of Microsoft Android App Downloads

Security