GitHub announced the rotation of credentials following the discovery and resolution of a vulnerability that could have exposed login information on GitHub.com and GitHub Enterprise Server. The flaw was reported on December 26, 2023, and was promptly addressed, leading to disruptions between December 27 and 29. The vulnerability allowed access to credentials within a production container, but GitHub stated that, based on its analysis, it has high confidence that the flaw has not been previously exploited. GitHub has taken measures to rotate credentials exposed to third parties and has released patches for GitHub Enterprise Server versions. Some users may need to take action, particularly for keys related to GitHub GPG commit signing, GitHub Actions, GitHub Codespaces, and Dependabot customer encryption keys.
Read more: https://www.securityweek.com/github-rotates-credentials-in-response-to-vulnerability/