Security · 2h ago
GitHub Agentic Workflow Bug Leaks Private Repo Data
A flaw in GitHub's agentic workflows, dubbed 'GitLost,' lets unauthenticated attackers exfiltrate data from private repositories by crafting a malicious issue in a public repo. The vulnerability exploits the trust between public and private repos in automated workflows. GitHub has not yet released a patch.
Meridian48 take
The bug underscores the risk of interconnected CI/CD pipelines, where a public-facing entry point can become a backdoor to sensitive code.
Read the full reporting
'GitLost' Flaw Leaks Private Data from GitHub's Agentic Workflows →
Dark Reading
githubdata-leak