CAPEC-695 Repo Jacking

CAPEC ID: 695

CAPEC-695 Metadata

Likelihood of Attack

Medium

Typical Severity

High

Overview

Summary

An adversary takes advantage of the redirect property of directly linked Version Control System (VCS) repositories to trick users into incorporating malicious code into their applications.

Prerequisites

Identification of a popular repository that may be directly referenced in numerous software applications
A repository owner/maintainer who has recently changed their username or deleted their account

Execution Flow

Step Phase Description Techniques
1 Explore [Identify target] The adversary must first identify a target repository that is commonly used and whose owner/maintainer has either changed/deleted their username or transferred ownership of the repository and then deleted their account. The target should typically be a popular and widely used package, so as to increase the scope of the attack.
2 Experiment [Recreate initial repository path] The adversary re-registers the account that was renamed/deleted by the target repository's owner/maintainer and recreates the target repository with malicious code intended to exploit an application. These steps may need to happen in reverse (i.e., recreate repository and then rename an existing account to the target account) if protections are in place to prevent repository reuse.
3 Exploit [Exploit victims] The adversary's malicious code is incorporated into applications that directly reference the initial repository, which further allows the adversary to conduct additional attacks.

Potential Solutions / Mitigations

Leverage dedicated package managers instead of directly linking to VCS repositories.
Utilize version pinning and lock files to prevent use of maliciously modified repositories.
Implement "vendoring" (i.e., including third-party dependencies locally) and leverage automated testing techniques (e.g., static analysis) to determine if the software behaves maliciously.
Leverage automated tools, such as Checkmarx's "ChainJacking" tool, to determine susceptibility to Repo Jacking attacks.
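
A minimal check for the first two mitigations, added here as an example and not part of the CAPEC entry: it scans manifest text for direct GitHub references (pip and npm syntax) and reports whether each is pinned to a full commit hash, since a branch or tag name resolves to whatever the current holder of that repository path publishes. The regex, the verdict strings and the `example-org` sample entries are constructed for illustration.

```python
import re

# Direct GitHub references as written in pip requirements
# (git+https://github.com/owner/repo.git@ref) and npm manifests
# (github:owner/repo#ref). Other hosts and syntaxes are out of scope here.
VCS_REF = re.compile(
    r"(?:git\+(?:https|ssh)://(?:git@)?github\.com/|github:)"
    r"(?P<owner>[\w.-]+)/(?P<repo>[\w.-]+?)(?:\.git)?"
    r"(?:[@#](?P<ref>[\w./-]+))?(?![\w./-])"
)
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")


def audit(manifest_text):
    """Return (owner/repo, ref, verdict) for every direct GitHub reference."""
    findings = []
    for m in VCS_REF.finditer(manifest_text):
        ref = m.group("ref")
        if ref is None:
            verdict = "unpinned: follows default branch"
        elif FULL_SHA.match(ref):
            verdict = "pinned to commit"
        else:
            # Branch and tag names are mutable and owner-controlled.
            verdict = "mutable ref: branch or tag"
        findings.append((f"{m.group('owner')}/{m.group('repo')}", ref, verdict))
    return findings


# Constructed sample: mixed requirements.txt / package.json lines.
SAMPLE = """\
requests==2.31.0
git+https://github.com/example-org/widgets.git@main#egg=widgets
git+https://github.com/example-org/crypto-utils.git@0123456789abcdef0123456789abcdef01234567
"parser": "github:example-org/parser#v2.1.0",
git+https://github.com/example-org/tools.git
"""

if __name__ == "__main__":
    for repo, ref, verdict in audit(SAMPLE):
        print(f"{repo:30} {str(ref)[:12]:14} {verdict}")
```

Entries reported as anything other than "pinned to commit" are the candidates to move to a package manager release, a lock file entry or a vendored copy.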

Related Weaknesses (CWE)

CWE ID Description
CWE-494 Download of Code Without Integrity Check
CWE-829 Inclusion of Functionality from Untrusted Control Sphere

Related CAPECs

CAPEC ID Description
CAPEC-616 An adversary provides a malicious version of a resource at a location that is similar to the expected location of a legitimate resource. After establishing the rogue location, the adversary waits for a victim to visit the location and access the malicious resource.

Taxonomy Mappings

Taxonomy: ATT&CK

Entry ID Entry Name
1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools
