GitHub OAuth application access restrictions disabled
Description
AlphaSOC detected that GitHub OAuth application access restrictions were disabled. This security control prevents organization members and outside collaborators from authorizing OAuth apps to access organization resources without the organization administrator's approval.
Impact
Disabling OAuth app restrictions allows organization members to grant third-party applications access to organizational resources without administrator oversight. This increases the risk of data exfiltration, unauthorized repository access, and potential compromise through malicious OAuth applications.
Severity
| Severity | Condition |
|---|---|
Low | GitHub OAuth application access restrictions disabled |
Investigation and Remediation
Review audit logs to identify which user disabled the restrictions and when. Immediately re-enable OAuth app access restrictions. Audit the currently authorized OAuth applications and revoke access for any unauthorized or suspicious apps. Implement approval workflows for OAuth application access requests and educate users about the security risks associated with third-party application integrations.