Grafana says stolen GitHub token allowed attackers to download its codebase(bleepingcomputer.com)
bleepingcomputer.com
Grafana says stolen GitHub token allowed attackers to download its codebase
https://www.bleepingcomputer.com/news/security/grafana-says-stolen-github-token-let-hackers-steal-codebase/
1 comments
GH provides an IP allow list and corp proxy capability to enterprise users. Unless the attacker pwned the entire corp network which is worse than leaking a token, these types of issues can mitigated. Tokens are useless if they don't originate from a specific IP space or contain the proxy header, but you have to set them up.