A newly disclosed vulnerability in GitHub’s browser-based editor, GitHub.dev, allows attackers to steal powerful OAuth tokens with just a single click, giving them read and write access to private repositories. The flaw exploits how Visual Studio Code (VSCode) webviews handle keyboard events and message passing, enabling a malicious repository to execute attacker-controlled actions inside the […]

The post 1-Click GitHub Vulnerability Enables OAuth Token Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Source: gbHackers
Source Link: https://gbhackers.com/1-click-github-vulnerability/