@lukasreschke discovered that GitHub did not require users to reauthenticate when promoting another user to an organization owner. Further internal investigation identified that we also did not require reauthentication when inviting a new user to the organization. If an organization owner’s session was compromised, an attacker could invite a new user to the organization and grant them owner privileges. GitHub introduced sudo mode to balance the need between security and usability while performing potentially dangerous actions on GitHub.com. We addressed the vulnerability by requiring sudo authentication for role management and invitation functionality that could escalate a user’s privilege within an organization.
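To make the fix concrete, here is an added illustration (not GitHub's code) of the "sudo mode" pattern the paragraph describes: a step-up gate that refuses privilege-escalating organization actions unless the session re-entered its password recently, shown beside the unguarded shape where an ordinary authorization check alone lets a hijacked owner session invite and promote. The window length, the `Session`/`Organization` structures and the method names are assumptions for the example.

```ruby
# Added example, not GitHub's implementation. Models sudo mode as a
# step-up check in front of invite and role-change actions.

# Assumed re-authentication window; GitHub's real value is not stated here.
SUDO_WINDOW_SECONDS = 5 * 60

class SudoRequired  < StandardError; end
class NotAuthorized < StandardError; end

# A session records who is logged in and when they last re-entered a password
# (nil if they never did in this session).
Session = Struct.new(:user, :sudo_at)

class Organization
  attr_reader :members, :owners
  def initialize(owner)
    @members = [owner]
    @owners  = [owner]
  end
end

# Ordinary authorization: only an existing owner may manage roles/invites.
def require_owner!(org, session)
  raise NotAuthorized unless org.owners.include?(session.user)
end

# Step-up gate: the session must have re-authenticated within the window.
def require_sudo!(session, now)
  recent = session.sudo_at && (now - session.sudo_at) < SUDO_WINDOW_SECONDS
  raise SudoRequired, "re-authentication required for this action" unless recent
end

# Pre-fix shape: authorization only. A stolen owner session (cookie/token)
# passes this check, so it can invite an attacker-controlled account.
def invite_member_unprotected(org, session, username)
  require_owner!(org, session)
  org.members << username
end

# Post-fix shape: invitation and promotion both sit behind the sudo gate,
# so a stolen session without the password cannot escalate privilege.
def invite_member(org, session, username, now = Time.now)
  require_owner!(org, session)
  require_sudo!(session, now)
  org.members << username
end

def promote_to_owner(org, session, username, now = Time.now)
  require_owner!(org, session)
  require_sudo!(session, now)
  raise ArgumentError, "#{username} is not a member" unless org.members.include?(username)
  org.owners << username unless org.owners.include?(username)
  org.owners
end
```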

@lukasreschke earned an additional 500 points for donating his bounty to a great cause — Doctors Without Borders. GitHub matches all bounties donated to 501(c)(3) organizations.