
ringl.im / Source and credentials leak through exposed git directory

Deleted user reported 2021-10-12

The following URL is publicly accessible and is leaking source code: https://18.198.157.0/.git/config

Additionally, the Git credentials are present and could give unauthorized access to the source code repository of private projects.

IP: 18.198.157.0
Port: 443
Detected protocol: https
[fetch]
	recurseSubmodules = false
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:<redacted>@gitlab.ringl.im/ringl/server-app/b2b-console.git
	fetch = +refs/heads/*:refs/remotes/origin/*
Found by GitConfigPlugin 2021-10-11
IP: 18.198.157.0
Port: 443
Detected protocol: https
[fetch]
	recurseSubmodules = false
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:<redacted>@gitlab.ringl.im/ringl/server-app/b2b-console.git
	fetch = +refs/heads/*:refs/remotes/origin/*
Found by GitConfigPlugin 2021-11-04
IP: 18.198.157.0
Port: 443
Detected protocol: https
[fetch]
	recurseSubmodules = false
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:<redacted>f@gitlab.ringl.im/ringl/server-app/b2b-console.git
	fetch = +refs/heads/*:refs/remotes/origin/*
Found by GitConfigPlugin 2021-11-05
Report created by deleted-user  2021-10-12
Report approved by BloodyShell  2021-10-12
New PDF report generated by system 2021-10-12
Report dispatched to ...@... by system 2021-10-12
system commented 2021-11-07: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-07
Report comment dispatched to zythop by system 2021-11-07
Report comment dispatched to ringlme@ringl.im by system 2021-11-07
Report marked as fixed by BloodyShell  2021-11-07
Report edited by BloodyShell  2021-11-07
New PDF report generated by system 2021-11-07
Report closed by BloodyShell  2021-11-07
New PDF report generated by system 2021-11-07
Report edited by BloodyShell  2021-11-07
New PDF report generated by system 2021-11-07
Information
Owner ringl.im
Created 2021-10-12 08:11
Updated 2021-11-07 20:25
Fixed true

Contacts
r...@ringl.im

Status
Status closed
Hosting contacted false
CERT contacted false
