GitHub bug briefly gave valid authenticated session cookies to wrong users

If you visit GitHub today you’ll be asked to authenticate anew because the code collaboration locker has squished a bug that sometimes “misrouted a user’s session to the browser of another authenticated user, giving them the valid and authenticated session cookie for another user.”


GitHub disclosed the problem today, explaining that it could only happen under “extremely rare circumstances” and “occurred in fewer than 0.001% of authenticated sessions on GitHub.com.”

The service knows which users’ sessions were exposed by the flaw and says it has contacted them with guidance and additional information.

The rest of us have been told: “It is important to note that this issue was not the result of compromised account passwords, SSH keys, or personal access tokens (PATs) and there is no evidence to suggest that this was the result ..
