LeakIX report : Sorbonne Universite

Creation
Validation
Communication & fix
Disclosure

Sorbonne Universite / Source and credentials leak through exposed git directory

Deleted user reported 2021-10-18

The following URL is publicly accessible and is leaking source code : https://q-www2.dsi.sorbonne-universite.fr/.git/config

Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.

IP:

134.157.33.62

Port:

443

Detected protocol:

https

Vulnerable URL:

https://q-www2.dsi.sorbonne-universite.fr/.git/config

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://<redacted>@gitlab.intuitiv-interactive.com/drupal8/sorbonne-universite-kit.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "develop"]
	remote = origin
	merge = refs/heads/develop

Found by GitConfigPlugin 2021-10-17

Report created by

deleted-user 2021-10-18

Report approved by

BloodyShell 2021-10-18

New PDF report generated by system 2021-10-18

Report dispatched to ...@... by system 2021-10-18

Report comment dispatched to BloodyShell by system 2021-10-18

Report comment dispatched to iampritam by system 2021-10-18

Report comment dispatched to fokoil by system 2021-10-18

Report marked as fixed by

BloodyShell 2021-10-18

Report edited by

BloodyShell 2021-10-18

New PDF report generated by system 2021-10-18

Report closed by

BloodyShell 2021-10-18

New PDF report generated by system 2021-10-18

Report edited by

BloodyShell 2021-10-18

New PDF report generated by system 2021-10-18

Report edited by

BloodyShell 2021-10-18

New PDF report generated by system 2021-10-18

Information

Owner Sorbonne Universite

Created 2021-10-18 08:05

Updated 2021-10-18 17:37

Fixed true

Contacts

w...@sorbonne-universite.fr

c...@ssi.gouv.fr

Status

Status closed

Hosting contacted false

CERT contacted false

Download report