GitHub Personal Access Token approval policy modified
Description
AlphaSOC detected changes to GitHub Personal Access Token (PAT) approval policies. PATs are used for API and command line authentication to GitHub repositories and resources. Modifying these policies can alter the authentication controls and security mechanisms in your GitHub environment.
Impact
Changes to PAT approval policies may allow the creation of tokens without proper oversight, potentially bypassing established security controls. If exploited, modified PAT policies could enable unauthorized access to repositories and resources. Attackers who gain control of PAT policies could use that control to maintain access, access sensitive code, or execute unauthorized workflows.
Severity
| Severity | Condition |
|---|---|
| Low | GitHub Personal Access Token approval policy modified |
Investigation and Remediation
Review GitHub audit logs to identify the user who modified the PAT policies, then examine the specific changes made. Verify that the modifications align with your organization's change management processes. If unauthorized changes are found, restore secure PAT policies, revoke any potentially compromised tokens, and implement appropriate approval workflows. Consider limiting PAT creation permissions to necessary reviewers and implementing shorter token expiration periods for enhanced security.
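
The audit log review described above can be scripted against a JSON-lines export; the following is an added example, not AlphaSOC or GitHub code. It lists each approval-policy change with its actor and flags token grants made while approval was switched off. The three action names, the sample events, and the `approved_actors` change-management list are assumptions to confirm against your own export.

```python
import json
from datetime import datetime, timezone

# Assumed audit-log action names; confirm them against your own export.
WEAKENS = "personal_access_token.auto_approve_grant_requests_enabled"
RESTORES = "personal_access_token.auto_approve_grant_requests_disabled"
GRANT = "personal_access_token.access_granted"

# Constructed sample export (JSON lines); actors and org are made up.
SAMPLE = """\
{"@timestamp": 1717236000000, "action": "repo.create", "actor": "dev-alice", "org": "example-org"}
{"@timestamp": 1717239600000, "action": "personal_access_token.auto_approve_grant_requests_enabled", "actor": "dev-bob", "org": "example-org"}
{"@timestamp": 1717240200000, "action": "personal_access_token.access_granted", "actor": "dev-bob", "org": "example-org"}
{"@timestamp": 1717243200000, "action": "personal_access_token.auto_approve_grant_requests_disabled", "actor": "sec-carol", "org": "example-org"}
{"@timestamp": 1717246800000, "action": "personal_access_token.access_granted", "actor": "dev-dave", "org": "example-org"}
"""

def when(event):
    """Audit-log timestamps are epoch milliseconds; return ISO 8601 UTC."""
    ts = datetime.fromtimestamp(event["@timestamp"] / 1000, tz=timezone.utc)
    return ts.isoformat()

def triage(export_text, approved_actors):
    """Return (policy_changes, grants_to_review) from a JSON-lines export."""
    events = [json.loads(line) for line in export_text.splitlines() if line.strip()]
    events.sort(key=lambda e: e["@timestamp"])
    # Assumption: approval was required before the first event in the export.
    changes, review, approval_off = [], [], False
    for e in events:
        action = e.get("action")
        if action in (WEAKENS, RESTORES):
            approval_off = action == WEAKENS
            changes.append({
                "time": when(e), "actor": e.get("actor"), "org": e.get("org"),
                "weakens_policy": approval_off,
                "authorized": e.get("actor") in approved_actors,
            })
        elif action == GRANT and approval_off:
            # Token gained access while approval was off: revocation candidate.
            review.append({"time": when(e), "actor": e.get("actor")})
    return changes, review

if __name__ == "__main__":
    changes, review = triage(SAMPLE, approved_actors={"sec-carol"})
    for c in changes:
        print("policy change:", c)
    for r in review:
        print("review token grant:", r)
```

Widen the export window to include the last known-good policy state, since a grant made before the first event in the file cannot be classified.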