• Creation
  • Validation
  • Communication & fix
  • Disclosure

versowood.fi / Source and credentials leak through exposed git directory

Deleted user reported 2021-10-12

The following URL is publicly accessible and is leaking source code : https://34.107.131.36/.git/config

Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.

IP:
34.107.131.36
Port:
443
Detected protocol:
https
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://versowood_fi:<redacted>@gitlab.avenla.fi/versowood/versowood.fi.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
Found by GitConfigPlugin 2021-10-11
IP:
34.107.131.36
Port:
443
Detected protocol:
https
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://versowood:<redacted>@gitlab.avenla.fi/versowood/versowood.fi.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
Found by GitConfigPlugin 2021-11-05
IP:
34.107.131.36
Port:
443
Detected protocol:
https
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://versowood:<redacted>@gitlab.avenla.fi/versowood/versowood.fi.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
Found by GitConfigPlugin 2021-11-07
Report created by deleted-user  2021-10-12
Report approved by BloodyShell  2021-10-12
New PDF report generated by system 2021-10-12
Report dispatched to ...@... by system 2021-10-12
Report dispatched to ...@... by system 2021-10-12
system commented 2021-11-08: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-08
Report comment dispatched to zythop by system 2021-11-08
Report comment dispatched to contact@versowood.fi by system 2021-11-08
Report comment dispatched to puukaupoille@versowood.fi by system 2021-11-08
Report marked as fixed by BloodyShell  2021-11-08
Report closed by BloodyShell  2021-11-08
New PDF report generated by system 2021-11-08
Report edited by BloodyShell  2021-11-08
New PDF report generated by system 2021-11-08
Information
Owner versowood.fi
Created 2021-10-12 08:01
Updated 2021-11-08 13:44
Fixed true

Contacts
c...@versowood.fi
p...@versowood.fi

Status
Status closed
Hosting contacted false
CERT contacted false

Download report