Public GitHub Issue Can Leak Private Repo Data
A public GitHub issue can be exploited to trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, according to research by Noma Security. The exploit requires an attacker to open a seemingly ordinary issue on a public repository. This method does not necessitate stolen credentials or prior access to the target organization. If the organization has granted the agent read access across its repositories, including private ones, the vulnerability can be triggered.
Noma Security's findings indicate that the agentic workflow, when presented with a crafted public issue, may inadvertently process and expose sensitive data from private repositories it has access to. This bypasses standard security protocols designed to keep proprietary code and information confidential. The researchers demonstrated that the agent's execution context, when interacting with the public issue, can be manipulated to retrieve and potentially exfiltrate data from restricted areas.
This vulnerability highlights a significant security concern for organizations utilizing GitHub's agentic workflow features for automation and code management. The ability for an external, unauthenticated party to trigger data leakage through a public interface poses a substantial risk. Noma Security has provided detailed technical information on how the exploit functions, emphasizing the need for immediate review and mitigation by affected users and GitHub itself. The company has not yet released a specific patch but is reportedly investigating the issue.
Original source — read the full reporting at the publisher:
Read on The Hacker News