The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.
Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba91884022e566c8155c40868
[init] defaultBranch = none [fetch] recurseSubmodules = false [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab-ci-token:ZwD_3xS6jHCsGsMZJLvE@git.outside.dev/autopragmat/crm/web-console.git fetch = +refs/heads/*:refs/remotes/origin/*
Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba91884022e566c81f0b792d4
[init] defaultBranch = none [fetch] recurseSubmodules = false [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab-ci-token:ikn-wwYDmNPbyHDyh1vF@git.outside.dev/autopragmat/crm/web-console.git fetch = +refs/heads/*:refs/remotes/origin/*
Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba91884022e566c81412e4b1c
[init] defaultBranch = none [fetch] recurseSubmodules = false [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab-ci-token:76K4Lypmz_Nyy2ebMHcx@git.outside.dev/autopragmat/crm/web-console.git fetch = +refs/heads/*:refs/remotes/origin/*