Skip to main content

GitHub OAuth application access restrictions disabled

ID:github_app_restrictions_disabled
Data type:GitHub
Severity:
Low
MITRE ATT&CK:TA0004:T1484

Description

AlphaSOC detected that GitHub OAuth application access restrictions were disabled. This security control prevents organization members and outside collaborators from authorizing OAuth apps to access organization resources without the organization administrator's approval.

Impact

Disabling OAuth app restrictions allows organization members to grant third-party applications access to organizational resources without administrator oversight. This increases the risk of data exfiltration, unauthorized repository access, and potential compromise through malicious OAuth applications.

Severity

SeverityCondition
Low
GitHub OAuth application access restrictions disabled

Investigation and Remediation

Review audit logs to identify which user disabled the restrictions and when. Immediately re-enable OAuth app access restrictions. Audit the currently authorized OAuth applications and revoke access for any unauthorized or suspicious apps. Implement approval workflows for OAuth application access requests and educate users about the security risks associated with third-party application integrations.