腾讯网

托管在 GitHub 上的诸多开源项目被曝存在 Auth tokens 泄露问题

IT之家 8 月 16 日消息,派拓网络(Palo Alto Networks)旗下安全部门 Unit 42 于 8 月 13 日发布报告,表示托管在 GitHub 上的很多热门开源项目存在身份认证授权令牌(Auth tokens)泄露问题,让整个项目面临数据被盗和篡改植入恶意代码等风险。 Unit 42 部门发现包括谷歌 ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
ZDNet

Over 100,000 GitHub repos have leaked API or cryptographic keys

A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with ...