134
Anyone can Access Deleted and Private Repository Data on GitHub. (trufflesecurity.com)
submitted 1 year ago by ModerateImprovement@sh.itjust.works to c/technology@lemmy.world
6 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] sem@lemmy.ml 69 points 1 year ago

The title is very click bait imo. It is not about any private data. It is a very specific case of deleted fork of the public repository. It is a bug, of course. But it doesn't look so serious as I was thinking when saw the title.

[-] tyler@programming.dev 29 points 1 year ago

It was purposefully designed that way so it’s not a bug. It’s just bad design. Like they say at the end of the article, people view private vs public as a security boundary. So it’s incredibly surprising and unintuitive behavior that has clearly resulted in security breaches.

this post was submitted on 26 Jul 2024
134 points (100.0% liked)

Technology

73450 readers
3554 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws