The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.
Additionally, the Git credentials are present and could give unauthorized access to the source code repositories of private projects.
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65220038aad4
[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
[remote "origin"]
    url = https://rmoreno_sl:kvMz74YLLfUsQLagExkQ@bitbucket.org/sensolabscl/sensomasters.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master
Severity: critical
Fingerprint: 2580fa947e78dd08e645819ded03389a9cffdd691105492be1adeb9ef6e5a2e2
HTTP/1.1 200 OK
Date: Sun, 07 May 2023 18:01:59 GMT
Server: Apache/2.4.41 (Ubuntu)
Set-Cookie: XSRF-TOKEN=d2qYc9jYAUnvVuBiHKJ3sc5lA6xjW9ifTyNH9eHK; expires=Tue, 06-Jun-2023 18:01:59 GMT; Max-Age=2592000; path=Secure
Set-Cookie: XSRF-TOKEN=d2qYc9jYAUnvVuBiHKJ3sc5lA6xjW9ifTyNH9eHK; expires=Tue, 06-Jun-2023 18:01:59 GMT; Max-Age=2592000; path=HttpOnly
Cache-Control: no-cache, private
feature-policy: geolocation 'self';fullscreen 'self'
expect-ct: max-age=0
referrer-policy: no-referrer
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: Deny
content-security-policy: default-src * https://www.google.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://connect.facebook.net https://code.highcharts.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://v2.zopim.com; img-src * self data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com
strict-transport-security: max-age=31536000
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImNSc1l1UDFHM3QrRHBxWjVyeU5zN0E9PSIsInZhbHVlIjoiSmxUQWxxdlZqQTJhbTNocitodVlTREJoUHVjRUg5eDYwSm91bkpGR2pEY3lmSWVLTEt0SVk4MG9CdCs2M1dyYyIsIm1hYyI6IjZiOTAxZjA0NzAwM2UyMTc4Y2YyYjMxZDI2YmFkOWU0MzMwNTY3ZTYyMGQ1ODFiODI5MzYwYzNlZWIxYTc5NzIifQ%3D%3D; expires=Sun, 07-May-2023 20:01:59 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax
Set-Cookie: laravel_session=eyJpdiI6InJjUmtYRXc2YXdnem02Y2pPWjNhZVE9PSIsInZhbHVlIjoiMUpwbzgzdnVIZVIxOXgrbzFQOFR0Z01VQVBHRG9kZUVRWjhGWm5uOW85K2ZjNXNUNVFrdkNKN3NzTE91bmpIUCIsIm1hYyI6IjdlZjU2OThiZDVmNjBmZTcxN2U3ZGNkNGU5YjAxNDYyNjIwZjE5ZjJkMDg3ZGVjNmI5ZWQ3YTY3ZWNmZjhkNjcifQ%3D%3D; expires=Sun, 07-May-2023 20:01:59 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Page title: Bienvenidos :: Pega-Lab

[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
[remote "origin"]
    url = https://rmoreno_sl:kvMz74YLLfUsQLagExkQ@bitbucket.org/sensolabscl/sensomasters.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master