still in the Axiom-Team mailbox. I don't know whether it is worth looking into or should be treated as spam. @Paidge ? @ ?
Our security scanner Repo Lookout has found a likely vulnerability on a host for which you are listed as the contact!
Repo Lookout is a non-commercial project to find inadvertently publicly exposed source code repositories.
The following URL was world-readable at the time of scanning (Jul 14 '23):
This allows (at least partial) access to the site’s underlying source code repository!
For instance, the last 5 code commits have been:
83c53c80: rebase (continue) (finish): returning to refs/heads/wot_json
83c53c80: rebase (continue): Update fa2rs
8d0f1b0e: rebase (start): checkout master
bf555062: checkout: moving from master to wot_json
8d0f1b0e: clone: from Pierre-Jean CHANCELLIER / Wotmap · GitLab
Such access to the repository could give a malicious actor insight into the structure of the site (e.g. hidden functionality, critical bugs, or credentials to third-party services) and enable downstream attacks (e.g. data leakage, phishing, and extortion).
If this was not intended, we highly recommend disabling access to the source code repository!
Note that if the repository was intentionally made available, no action is required.
Repo Lookout is a large-scale security scanner, with a single purpose: Find source code repositories that have been inadvertently exposed to the public and report them to the domain’s technical contact.
Visit www.repo-lookout.org to learn more about the project.
If you found this vulnerability report useful, please consider supporting the project by becoming a sponsor on Ko-fi. Thank you very much!
The „Repo Lookout“ Team
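The report above hinges on a single observable: a web server that answers `GET /.git/HEAD` (or `/.git/config`) with the real file contents. The following self-check, an added example that is not part of the forum post or of Repo Lookout's scanner, lets an operator verify their own host the same way before (or after) fixing the web server. The host name `example.invalid` and the injectable `fetch` callback are assumptions for offline use; the validators refuse a bare HTTP 200, because many sites return a 200 "soft 404" HTML page for any path and that alone proves nothing.

```python
"""Self-check for a world-readable .git directory on a web host you administer.

Added example (not code from the forum post or from Repo Lookout). Assumes the
site is reachable over HTTP(S); the fetcher is injectable so the decision logic
can be exercised offline with constructed responses.
"""
import re
import sys
import urllib.error
import urllib.request
from typing import Callable, Optional, Tuple

# What git actually writes to .git/HEAD: a symbolic ref or a detached 40-hex SHA.
HEAD_REF_RE = re.compile(rb"^ref: refs/heads/\S+\s*$")
HEAD_SHA_RE = re.compile(rb"^[0-9a-f]{40}\s*$")
# Every .git/config carries a [core] section.
CONFIG_CORE_RE = re.compile(rb"^\s*\[core\]", re.MULTILINE)


def looks_like_git_head(body: bytes) -> bool:
    """True only if the first line is shaped like a real .git/HEAD file."""
    lines = body.strip().splitlines()
    if not lines:
        return False
    first = lines[0]
    return bool(HEAD_REF_RE.match(first) or HEAD_SHA_RE.match(first))


def looks_like_git_config(body: bytes) -> bool:
    """True if the body contains a [core] section, as a .git/config does."""
    return bool(CONFIG_CORE_RE.search(body))


Fetcher = Callable[[str], Tuple[int, bytes]]


def default_fetch(url: str) -> Tuple[int, bytes]:
    """Fetch url and return (HTTP status, first 4 KiB of body); 0 on network error."""
    req = urllib.request.Request(url, headers={"User-Agent": "git-exposure-selfcheck"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, b""
    except (urllib.error.URLError, OSError):
        return 0, b""


def check_git_exposure(base_url: str, fetch: Fetcher = default_fetch) -> Optional[str]:
    """Return the first .git path that is served with plausible content, else None.

    A 200 status by itself is not treated as exposure: the body must look like
    the git file the path names, which filters out catch-all HTML responses.
    """
    base = base_url.rstrip("/")
    checks = {
        "/.git/HEAD": looks_like_git_head,
        "/.git/config": looks_like_git_config,
    }
    for path, validator in checks.items():
        status, body = fetch(base + path)
        if status == 200 and validator(body):
            return path
    return None


if __name__ == "__main__":
    # Hypothetical host; pass your own site's base URL as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://example.invalid"
    hit = check_git_exposure(target)
    print(f"{target}: {'EXPOSED at ' + hit if hit else 'no .git exposure detected'}")
```

If the check reports a hit, the fix is on the web server, not in git: deny the `.git` path outright (for example an nginx `location ~ /\.git { return 404; }` block, or the equivalent `.htaccess`/`<DirectoryMatch>` rule in Apache), or better, deploy only an exported tree so no `.git` directory exists under the document root at all. Re-run the check afterwards; the report's note that no action is needed when publication was intentional still applies.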