Member received Admin permissions

ID

member_repository_admin

Severity

critical

Resource

Repository

Description

Detects whether a member has received admin permissions for a repository.

Impact

An organization member unexpectedly receiving admin permissions can have significant negative impacts on an organization. Here are some examples:

  • Data Theft or Manipulation: An organization member with admin permissions can access, modify, or delete sensitive data, leading to data theft or manipulation, financial losses, or reputational damage.

  • Security Breach: An organization member with admin permissions can introduce malware or other security vulnerabilities into the organization’s systems or data, allowing attackers to exploit the organization’s systems or access sensitive data, leading to data breaches, financial losses, or reputational damage.

  • Compliance Violations: An organization member with admin permissions can violate regulatory or compliance requirements, exposing the organization to legal liabilities, fines, or other penalties.

  • Reputation Damage: A security breach resulting from an organization member with admin permissions can damage the organization’s reputation, leading to loss of customers, investors, or business partners.

  • Operational Disruptions: A malicious organization member with admin permissions can disrupt the organization’s development and operations workflow, leading to downtime, delays, or other negative impacts.

Supported Technologies

This detector is supported by the following sensors:

  • GitHub Sensor

  • GitHub Audit Log

  • GitLab Sensor