The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.
Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba918840203659005073bf1b0
[init] defaultBranch = none [fetch] recurseSubmodules = false [http "https://gitlab.com"] sslCAInfo = /tmp/builds/f2k4SyfF/0/sparkles-dev/fellowship/akx.tmp/CI_SERVER_TLS_CA_FILE [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab-ci-token:Xfqgj7_Vo9xqGT6mzB7h@gitlab.com/sparkles-dev/fellowship/akx.git fetch = +refs/heads/*:refs/remotes/origin/*
Severity: critical
Fingerprint: 2580fa947178c883cda65107b6f0882eff0fd891499eab2b5fe2c25c0f9dd0e9
[fetch] recurseSubmodules = false [http "https://gitlab.com"] sslCAInfo = /tmp/builds/f2k4SyfF/0/sparkles-dev/fellowship/akx.tmp/CI_SERVER_TLS_CA_FILE [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab-ci-token:zcbPPU1ds_jytSaJX9SK@gitlab.com/sparkles-dev/fellowship/akx.git fetch = +refs/heads/*:refs/remotes/origin/*
Severity: critical
Fingerprint: 2580fa947178c883cda65107b6f0882eff0fd891bedff59508d14d6604a8f798
[fetch] recurseSubmodules = false [http "https://gitlab.com"] sslCAInfo = /tmp/builds/f2k4SyfF/2/sparkles-dev/fellowship/akx.tmp/CI_SERVER_TLS_CA_FILE [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab-ci-token:QQaE149VyBSWEYsJnq4w@gitlab.com/sparkles-dev/fellowship/akx.git fetch = +refs/heads/*:refs/remotes/origin/*