The following URL is publicly accessible and is leaking source code : https://22.214.171.124/.git/config
Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://firstname.lastname@example.org/better-ed-internal/pixical-homepage.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master
Email from: email@example.com Dear Team, Thanks for bringing this issue to our attention. We'd like to inform you that we have plugged the unrestricted access from our side and this issue should not exist anymore. Eg. curl https://pixical.com/.git/config Regards, Chethan Rao