{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/azure-blob-storage/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["cli/cli/v2","Azure Blob Storage"],"_cs_severities":["high"],"_cs_tags":["github","cli","token leakage","api"],"_cs_type":"advisory","_cs_vendors":["GitHub","Microsoft"],"content_html":"\u003cp\u003eGitHub CLI versions 2.92.0 and earlier contain a vulnerability where authorization headers, including GitHub personal access tokens and enterprise tokens, are incorrectly included in API requests to external hosts. Specifically, the \u003ccode\u003egh attestation\u003c/code\u003e, \u003ccode\u003egh release verify\u003c/code\u003e, and \u003ccode\u003egh release verify-asset\u003c/code\u003e commands fetch data from hosts such as \u003ccode\u003etuf-repo.github.com\u003c/code\u003e, \u003ccode\u003etuf-repo-cdn.sigstore.dev\u003c/code\u003e, and \u003ccode\u003etmaproduction.blob.core.windows.net\u003c/code\u003e. Due to improper host normalization, the CLI\u0026rsquo;s authentication layer attaches tokens intended for \u003ccode\u003egithub.com\u003c/code\u003e or GHES instances to these requests. This issue affects authenticated \u003ccode\u003egithub.com\u003c/code\u003e users and users with \u003ccode\u003eGH_ENTERPRISE_TOKEN\u003c/code\u003e or \u003ccode\u003eGITHUB_ENTERPRISE_TOKEN\u003c/code\u003e set. Successful exploitation would allow unauthorized access to the token holder\u0026rsquo;s resources.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA user configures the GitHub CLI with a personal access token or enterprise token.\u003c/li\u003e\n\u003cli\u003eThe user executes a \u003ccode\u003egh attestation\u003c/code\u003e, \u003ccode\u003egh release verify\u003c/code\u003e, or \u003ccode\u003egh release verify-asset\u003c/code\u003e command.\u003c/li\u003e\n\u003cli\u003eThe GitHub CLI initiates an HTTP request to \u003ccode\u003etuf-repo.github.com\u003c/code\u003e to retrieve TUF metadata.\u003c/li\u003e\n\u003cli\u003eDue to incorrect host normalization, the CLI attaches the user\u0026rsquo;s \u003ccode\u003egithub.com\u003c/code\u003e token to the request header.\u003c/li\u003e\n\u003cli\u003eThe GitHub CLI initiates HTTP requests to \u003ccode\u003etuf-repo-cdn.sigstore.dev\u003c/code\u003e and \u003ccode\u003etmaproduction.blob.core.windows.net\u003c/code\u003e to retrieve additional TUF metadata and artifact bundles.\u003c/li\u003e\n\u003cli\u003eThe CLI erroneously includes the \u003ccode\u003eGH_ENTERPRISE_TOKEN\u003c/code\u003e or \u003ccode\u003eGITHUB_ENTERPRISE_TOKEN\u003c/code\u003e in the headers of these requests.\u003c/li\u003e\n\u003cli\u003eThe external hosts receive the unauthorized tokens in the HTTP headers.\u003c/li\u003e\n\u003cli\u003eAn attacker who gains access to these hosts could potentially steal the tokens.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability allows unauthorized access to GitHub tokens, potentially granting an attacker access to private repositories, organization resources, or enterprise administration depending on token type and permissions. Although there is no evidence that tokens were logged, retained, or accessed by unauthorized parties, a captured token would grant the same access as the token holder. This vulnerability is tracked as CVE-2026-48501.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevoke all authentication tokens used with the GitHub CLI, including personal access tokens and the GitHub CLI OAuth app as described in the \u003ca href=\"https://docs.github.com/en/enterprise-cloud@latest/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\"\u003eGitHub documentation\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpgrade the GitHub CLI to version 2.93.0 or later to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eReview personal \u003ca href=\"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log\"\u003esecurity logs\u003c/a\u003e for any suspicious activity related to your account.\u003c/li\u003e\n\u003cli\u003eReview \u003ca href=\"https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token\"\u003eaudit logs\u003c/a\u003e for any unexpected actions performed by GitHub CLI tokens.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T15:31:29Z","date_published":"2026-05-29T15:31:29Z","id":"https://feed.craftedsignal.io/briefs/2026-05-gh-cli-token-leak/","summary":"GitHub CLI versions 2.92.0 and earlier incorrectly include authorization headers in API requests to TUF repository mirrors and external hosts when using the `gh attestation`, `gh release verify`, and `gh release verify-asset` commands, potentially exposing sensitive tokens.","title":"GitHub CLI Incorrectly Includes Authorization Header in API Requests","url":"https://feed.craftedsignal.io/briefs/2026-05-gh-cli-token-leak/"}],"language":"en","title":"CraftedSignal Threat Feed — Azure Blob Storage","version":"https://jsonfeed.org/version/1.1"}