OpenStack haven OpenDev yanks Gerrit code review tool after admin account compromised for two weeks

guest · Oct 21, 2020

OpenStack haven OpenDev yanks Gerrit code review tool after admin account compromised for two weeks
Source warehouse asks users to verify recent project commits to ensure they’re not malicious
October 21, 2020
https://www.theregister.com/2020/10/21/opendev_gerrit_attack/

OpenDev.org, which hosts the official OpenStack source code, on Tuesday tore down its Gerrit deployment after realizing it had been secretly hacked two weeks ago.
The site has asked users to review recent commits to their projects to make sure they don’t contain any backdoored or other malicious code.

As well as being home to OpenStack's blueprints, OpenDev hosts a number of other Git-based repositories pretty much along the lines of GitHub and similar source-hosting outfits.
On Tuesday, OpenDev published a since-removed maintenance notice, and issued a mailing-list announcement, that revealed “an admin account in Gerrit was compromised allowing an attacker to escalate privileges within Gerrit.”
Click to expand...

OpenDev is now rather busy trying to figure out exactly what happened, and what, if any, repos may have been meddled with.

“In order to evaluate impact, we are using backups from October 1 to find configuration, database, and git repo changes that have been made,” the maintenance note stated [...]
Click to expand...

All users have also been advised as follows: “This is a good reminder to check activity on your online accounts and identities for anything unexpected.”
Click to expand...

Log in or Sign up

OpenStack haven OpenDev yanks Gerrit code review tool after admin account compromised for two weeks

guest Guest

Log in or Sign up

OpenStack haven OpenDev yanks Gerrit code review tool after admin account compromised for two weeks

guest Guest

Useful Searches