According to Deep Tide TechFlow news on April 27, the Chief Information Security Officer 23pds (@im23pds) of SlowMist security team disclosed that the Open Source data visualization tool Grafana was suspected to have been hacked. The attacker used Gato-X to steal the Secret Key and attacked multiple code repositories using application tokens.
It is reported that attackers may inject JavaScript code and steal sensitive information by constructing malicious branch names. Potential targets of the attackers include: generating high-privilege GitHub tokens using tibdex/github-app-token, manipulating the grafana/grafana code repository (including code, branches, and release workflows), as well as implanting hidden backdoors or tampering with future release packages.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
