GitHub has revealed that service disruption in December was due to it rotating credentials after the discovery of a high-severity bug, and warned that some customers may need to take additional action to stay secure.
The popular developer platform said it was notified on December 26 via its Bug Bounty Program of a vulnerability which it patched the same day. The bug could have enabled threat actors to access credentials within a production container.
The Microsoft-owned firm began rotating all potentially exposed credentials out of an abundance of caution, but apologized for the disruption this may have caused.
“Rotating credentials across our production systems caused a number of service disruptions between December 27 and 29,” said deputy CSO, Jacob DePriest. “We recognize the impact these had on our customers that rely on GitHub and have improved our credential rotation procedures to reduce the risk of unplanned downtime going forward.”
Read more on GitHub security: Security Experts Urge IT to Lock Down GitHub Services
However, the key rotation process continued on January 16 and “may require some additional action,” he explained.
This will impact customers using the GitHub commit signing key, and encryption keys for GitHub Actions, GitHub Codespaces and Dependabot, said DePriest.
“We strongly recommend regularly pulling the public keys from the API to ensure you’re using the most current data from GitHub. This will also allow for seamless adoption of new keys in the future,” he added.
Also today, GitHub released an update to fix a version of the same December vulnerability on its GitHub Enterprise Server (GHES), which customers are urged to apply.
“Exploitation requires an authenticated user with an organization owner role to be logged into an account on the GHES instance, which is a significant set of mitigating circumstances to potential exploitation,” said DePriest. “A patch is available today – January 16, 2024 – for GHES versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.”
Gal Nakash, co-founder of Reco.AI, argued that continual monitoring of accounts and access controls is critical to minimize the attack surface.
“Multi-factor authentication (MFA) can bolster protection against unauthorized account access. With adversaries constantly looking for gaps, organizations need to stay vigilant with regular audits and proactive maintenance,” he added.
“For true protection, they need to ensure that all audit logs are seamlessly integrated into their Security Information and Event Management (SIEM) system, and that they have implemented appropriate detection rules.”