Unvalidated redirect vulnerabilities could allow an attacker to redirect a user to an untrusted site using functionality in a trusted site. This could lend credibility to various social engineering attacks that may try to trick a user into following a link to a legitimate GitHub page, only to have that page redirect them to an untrusted site.
To prevent this vulnerability within GitHub, all user-controlled redirects are funneled through validation logic to restrict the locations that users can be forwarded to.
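As an illustration of what such a validation funnel can look like, here is an added example (not GitHub's code, and not part of the original page). The helper name `safe_redirect_target`, the allow-listed hosts, and the fallback path are assumptions chosen for the sketch.

```python
from urllib.parse import urlsplit

# Assumed allow-list and fallback for illustration; not GitHub's configuration.
ALLOWED_HOSTS = frozenset({"github.com", "gist.github.com"})
FALLBACK = "/"


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return target if it is a same-site path or an allow-listed https URL;
    otherwise return fallback. Hypothetical helper that fails closed."""
    if not isinstance(target, str) or not target:
        return fallback
    # Browsers treat "\" like "/" and drop tabs/newlines, so a server-side
    # parser and a browser can disagree about the host. Reject backslashes,
    # control characters and spaces before parsing.
    if any(c == "\\" or ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return fallback
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only an absolute path. A leading "//" or
        # "///" is read by browsers as a host, not a path.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return fallback
    if parts.scheme != "https" or port not in (None, 443):
        return fallback
    if parts.username is not None or parts.password is not None:
        return fallback  # userinfo hides the real host after the "@"
    # Exact host match: suffix or substring checks admit look-alike hosts.
    return target if parts.hostname in allowed_hosts else fallback


# Constructed sample inputs; evil.example is a reserved documentation domain.
SAMPLES = [
    "/settings/profile",
    "https://gist.github.com/abc",
    "//evil.example/login",
    "https://github.com@evil.example/",
    "https://github.com.evil.example/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} -> {safe_redirect_target(s)!r}")
```

Every rejected input maps to the same fallback, so the caller never issues a redirect to a value it could not positively validate.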
More about unvalidated redirect vulnerabilities from OWASP’s Top 10:
Applications frequently redirect users to other pages, or use internal forwards in a similar manner. Sometimes the target page is specified in an unvalidated parameter, allowing attackers to choose the destination page. Detecting unchecked redirects is easy. Look for redirects where you can set the full URL. Unchecked forwards are harder, because they target internal pages.
| # | Points | Researcher | Report |
|---|---|---|---|
| 1 | 500 pts | Kamil Hismatullin | Gist archive download content spoofing |
| 2 | 2500 pts | Mathias Karlsson | Insufficient OAuth redirect URL validation |
| 3 | 750 pts | Mathias Karlsson | Insufficient OAuth redirect URL validation |
| 4 | 1700 pts | Aleksandr Dobkinimg src404 onerroralert(document.domain) | Open redirect |
| 5 | 500 pts | Nir Ashwall (CyberInt.com) | Unvalidated redirect in GitHub.com |