The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65222410a443
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = git@gitlab.rusklimat.ru:landings/boneco/u700.boneco.ru.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master
Severity: medium
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba918840277e741dbd0e21421
[init] defaultBranch = none [fetch] recurseSubmodules = false [http "https://gitlab.rusklimat.ru"] sslCAInfo = /home/gitlab-runner/builds/qwf9Lm2t/0/landings/boneco/u700.boneco.ru.tmp/CI_SERVER_TLS_CA_FILE [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = git@gitlab.rusklimat.ru:landings/boneco/u700.boneco.ru.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master
Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba918840277e741dbef43bd7d
[init] defaultBranch = none [fetch] recurseSubmodules = false [http "https://gitlab.rusklimat.ru"] sslCAInfo = /home/gitlab-runner/builds/qwf9Lm2t/0/landings/boneco/u700.boneco.ru.tmp/CI_SERVER_TLS_CA_FILE [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab-ci-token:Pmgh75iRBEZyzroWsL4Q@gitlab.rusklimat.ru/landings/boneco/u700.boneco.ru.git fetch = +refs/heads/*:refs/remotes/origin/*