Claude 4 and GitHub MCP will leak your private GitHub repositories
(twitter.com)
from mesamunefire@piefed.social to technology@lemmy.world on 26 May 19:53
https://piefed.social/post/791037
from mesamunefire@piefed.social to technology@lemmy.world on 26 May 19:53
https://piefed.social/post/791037
Content:
BEWARE: Claude 4 + GitHub MCP will leak your private GitHub repositories, no questions asked.
We discovered a new attack on agents using GitHub’s official MCP server, which can be exploited by attackers to access your private repositories.
creds to @marco_milanta
threaded - newest
Maybe I should have just linked the blog post: https://invariantlabs.ai/blog/mcp-github-vulnerability
It is almost as if connecting private and public channels together using a “do random shit” engine is not a good idea for security.