New GitHub Zero-Day Exposed Developer Tokens to Attackers
A single click on the wrong repository could have put a developer’s GitHub access at risk. Security researcher Ammar Askar disclosed a zero-day vulnerability in github.dev, GitHub’s browser-based VSCode environment, that could expose GitHub OAuth tokens through a flaw in VSCode webviews. Those tokens could give attackers access to repositories and organizational code available to…
