Repojacking attack could impact thousands of GitHub repositories

More than 4,000 GitHub repositories are being impacted by a novel vulnerability, which could be exploited to facilitate repository hijacking or repojacking attacks, The Hacker News reports. Attackers could leverage the flaw, which has been addressed in a security update issued earlier this month, to exploit a potential race condition between repository creation and username modifications, as well as evade the popular repository namespace retirement security mechanism, according to a Checkmarx report. Researchers said that modifying the "victim_user" namespace to "renamed_user" would prompt the retirement of the "victim_user/repo" repository that coincides with the establishment of a "repo" repository by a threat actor with the "attacker_user" username, who then performs username alteration from "attacker_user" to "victim_user." "The discovery of this novel vulnerability in GitHub's repository creation and username renaming operations underlines the persistent risks associated with the 'popular repository namespace retirement' mechanism," said Checkmarx security researcher Elad Rapoport.