Users Can View Private GitHub Repositories and Create Branches via GitKraken Jira Integration
Yoshua
We have identified a security issue in the GitKraken Jira → GitHub integration. Users are currently able to see and interact with private GitHub repositories through the GitKraken panel inside Jira, even when they do not have access to those repositories in GitHub.
Observed Behavior:
When opening an issue in Jira, users can use the GitKraken integration panel to browse associated GitHub repositories.
Users without permissions to a private GitHub repository can still see repository details.
These users are also able to create branches in these private repositories directly from Jira using the GitKraken integration.
Expected Behavior:
Users should only be able to view or interact with repositories they have explicit access to in GitHub.
Branch creation should only be available when the authenticated GitHub account has permissions to the relevant repository.
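An illustration of the authorization gap the report describes, next to the check the expected behaviour calls for: an integration that acts on GitHub with its own service credentials must still resolve the end user's own permission on a repository before showing it or creating a branch in it. This is an added example, not part of the original post and not GitKraken's code. The GitHub API is replaced by a constructed in-memory stand-in whose permission levels mirror what GitHub's collaborator-permission endpoint (`GET /repos/{owner}/{repo}/collaborators/{username}/permission`) reports; the service account `gitkraken-bot`, the repositories `acme/billing` and `acme/website`, and the users `alice` and `bob` are assumed sample data.

```python
"""Authorization gate for a Jira -> GitHub integration (added example).

Shows the flawed pattern (authorising every Jira user with the integration's
own service-account access) beside the corrected one (checking the acting
user's permission on the repository first).  GitHub is a constructed fake.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# GitHub collaborator permission levels, ranked lowest to highest.
PERMISSION_RANK = {"none": 0, "read": 1, "triage": 2, "write": 3, "maintain": 4, "admin": 5}


class Forbidden(Exception):
    """Raised when the acting user lacks the permission an operation needs."""


@dataclass
class Repo:
    owner: str
    name: str
    private: bool
    collaborators: Dict[str, str]                      # username -> permission level
    branches: Set[str] = field(default_factory=lambda: {"main"})

    @property
    def full_name(self) -> str:
        return f"{self.owner}/{self.name}"


class FakeGitHub:
    """Constructed stand-in for the GitHub REST API (offline, in-memory)."""

    def __init__(self, repos: List[Repo]):
        self._repos = {r.full_name: r for r in repos}

    def permission_for(self, full_name: str, username: str) -> str:
        # Mirrors GET /repos/{owner}/{repo}/collaborators/{username}/permission:
        # a non-collaborator gets "read" on a public repo and "none" on a private one.
        repo = self._repos[full_name]
        level = repo.collaborators.get(username)
        if level is None:
            return "none" if repo.private else "read"
        return level

    def repos_visible_to(self, username: str) -> List[str]:
        return sorted(n for n in self._repos if has_at_least(self.permission_for(n, username), "read"))

    def create_ref(self, full_name: str, branch: str) -> None:
        # Mirrors POST /repos/{owner}/{repo}/git/refs.  The real endpoint is authorised
        # by whichever token makes the call, which is exactly why the caller must
        # check the end user's permission before using a service-account token.
        self._repos[full_name].branches.add(branch)

    def branches(self, full_name: str) -> Set[str]:
        return set(self._repos[full_name].branches)


def has_at_least(level: str, required: str) -> bool:
    return PERMISSION_RANK[level] >= PERMISSION_RANK[required]


class Integration:
    """The Jira-side service that talks to GitHub on behalf of Jira users."""

    def __init__(self, gh: FakeGitHub, service_account: str):
        self.gh = gh
        self.service_account = service_account        # the integration's own GitHub identity

    # Flawed pattern: whatever the service account may do, every Jira user may do.
    def list_repos_vulnerable(self, jira_user: str) -> List[str]:
        return self.gh.repos_visible_to(self.service_account)

    def create_branch_vulnerable(self, jira_user: str, full_name: str, branch: str) -> None:
        self.gh.create_ref(full_name, branch)

    # Corrected pattern: resolve the acting user's permission before each operation.
    def list_repos(self, jira_user: str) -> List[str]:
        return [n for n in self.gh.repos_visible_to(self.service_account)
                if has_at_least(self.gh.permission_for(n, jira_user), "read")]

    def create_branch(self, jira_user: str, full_name: str, branch: str) -> None:
        level = self.gh.permission_for(full_name, jira_user)
        if not has_at_least(level, "write"):
            raise Forbidden(f"{jira_user} has '{level}' on {full_name}; branch creation needs 'write'")
        self.gh.create_ref(full_name, branch)


def demo() -> FakeGitHub:
    # Constructed sample data: one private and one public repository.  The service
    # account is admin on both; alice is a collaborator; bob is not.
    return FakeGitHub([
        Repo("acme", "billing", private=True, collaborators={"alice": "write", "gitkraken-bot": "admin"}),
        Repo("acme", "website", private=False, collaborators={"alice": "admin", "gitkraken-bot": "admin"}),
    ])
```

With the flawed methods, `bob` is shown the private `acme/billing` repository and can create a branch in it, reproducing the two symptoms in the report; with the corrected methods the private repository is hidden from him and the branch request fails with `Forbidden`, while `alice`, who holds `write`, still succeeds. The design point is that the integration's service token should only ever be used after the end user's own permission has been looked up and compared against the level the operation requires.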