
numerique.gouv.fr / Source and credentials leak through exposed git directory

Deleted user reported 2021-10-17

The following URL is publicly accessible and is leaking source code: https://preprod.webconf.numerique.gouv.fr/.git/config

Additionally, the Git credentials are present and could give unauthorized access to the source code repository of private projects.

IP: 194.5.170.177
Port: 443
Detected protocol: https
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://webconf-preprod:<redacted>@gitlab-forge.din.developpement-durable.gouv.fr/snum/detn/gmcd/pmcd/custom-jitsi-meet.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "feedback_integration"]
	remote = origin
	merge = refs/heads/feedback_integration
Found by GitConfigPlugin 2021-10-16
Report created by deleted-user 2021-10-17
Report edited by deleted-user 2021-10-17
Report approved by BloodyShell 2021-10-18
New PDF report generated by system 2021-10-18
Report dispatched to ...@... by system 2021-10-18
Report dispatched to ...@... by system 2021-10-18
Report dispatched to ...@... by system 2021-10-18
Report marked as fixed by BloodyShell 2021-10-18
BloodyShell commented 2021-10-18: approved shows in report

Server now returns 502

New PDF report generated by system 2021-10-18
Report comment dispatched to zythop by system 2021-10-18
Report comment dispatched to assistance@webconf.numerique.gouv.fr by system 2021-10-18
Report comment dispatched to rgpd@webconf.numerique.gouv.fr by system 2021-10-18
Report comment dispatched to cert-fr.cossi@ssi.gouv.fr by system 2021-10-18
Report closed by BloodyShell 2021-10-18
New PDF report generated by system 2021-10-18
Report edited by BloodyShell 2021-10-21
New PDF report generated by system 2021-10-21
Information
Owner: numerique.gouv.fr
Created: 2021-10-17 08:13
Updated: 2021-11-19 06:16
Fixed: true

Contacts
a...@webconf.numerique.gouv.fr
r...@webconf.numerique.gouv.fr
c...@ssi.gouv.fr

Status
Status: closed
Hosting contacted: false
CERT contacted: false
