
veximo.de / Source and credentials leak through exposed git directory

Deleted user reported 2021-10-25

The following URL is publicly accessible and is leaking source code: https://176.9.78.7/.git/config

Additionally, the Git credentials are present and could give unauthorized access to the source code repository of private projects.

IP: 176.9.78.7
Port: 443
Detected protocol: https
[fetch]
	recurseSubmodules = false
[http "https://git.veximo.de"]
	sslCAInfo = /home/gitlab-runner/builds/Ssqfxxbu/0/mib/veximo-website.tmp/CI_SERVER_TLS_CA_FILE
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = http://gitlab-ci-token:<redacted>@git.veximo.de/mib/veximo-website.git
	fetch = +refs/heads/*:refs/remotes/origin/*
Found by GitConfigPlugin 2021-09-21
Found by GitConfigPlugin 2021-11-04
Found by GitConfigPlugin 2021-11-05
Report created by deleted-user  2021-10-25
Report approved by BloodyShell  2021-10-25
New PDF report generated by system 2021-10-25
Report dispatched to ...@... by system 2021-10-25
system commented 2021-11-07: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-07
Report comment dispatched to zythop by system 2021-11-07
Report comment dispatched to info@veximo.de by system 2021-11-07
Report marked as fixed by BloodyShell  2021-11-07
Report edited by BloodyShell  2021-11-07
New PDF report generated by system 2021-11-07
Report closed by BloodyShell  2021-11-07
New PDF report generated by system 2021-11-07
Information
Owner veximo.de
Created 2021-10-25 06:46
Updated 2021-11-07 20:27
Fixed true

Contacts
i...@veximo.de

Status
Status closed
Hosting contacted false
CERT contacted false
