GitKraken Vulnerability Prompts Action From GitHub, GitLab, Bitbucket

Source
Advertisement


Discovered in the open source library that the Git GUI client uses for SSH key generation, the issue affects all keys issued using versions 7.6.x, 7.7.x, and 8.0.0 of GitKraken.

The security hole was identified in late September and was addressed with the release of GitKraken version 8.0.1. The SSH key generation library was replaced with a new one.

Due to the presence of the vulnerability in multiple versions of GitKraken, users are advised to regenerate their SSH keys even if they have already updated to the patched version.

Advertisement