Hello,
another one in the Axiom-Team mailbox. I don't know whether it is worth looking at or should be treated as spam. @Paidge ? @ ?
HOST: wotmap.duniter.org
UUID: 54767b86d9f
Hello there,
Our security scanner Repo Lookout has found a likely vulnerability on a host for which you are listed as the contact!
Repo Lookout is a non-commercial project to find inadvertently publicly exposed source code repositories.
Details
The following URL was world-readable at the time of scanning (Jul 14 '23):
This allows (at least partial) access to the site’s underlying source code repository!
For instance, the last 5 code commits have been:
83c53c80: rebase (continue) (finish): returning to refs/heads/wot_json
83c53c80: rebase (continue): Update fa2rs
8d0f1b0e: rebase (start): checkout master
bf555062: checkout: moving from master to wot_json
8d0f1b0e: clone: from Pierre-Jean CHANCELLIER / Wotmap · GitLab
Such access to the repository could give a malicious actor insight into the structure of the site (e.g. hidden functionality, critical bugs, or credentials to third-party services) and enable downstream attacks (e.g. data leakage, phishing, and extortion).
If this was not intended, we highly recommend disabling access to the source code repository!
Note that if the repository was intentionally made available, no action is required.
What is „Repo Lookout“?
Repo Lookout is a large-scale security scanner, with a single purpose: Find source code repositories that have been inadvertently exposed to the public and report them to the domain’s technical contact.
Visit www.repo-lookout.org to learn more about the project.
Sponsoring
If you found this vulnerability report useful, please consider supporting the project by becoming a sponsor on Ko-fi. Thank you very much!
Best regards,
The „Repo Lookout“ Team
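The report above quotes lines such as "rebase (start): checkout master" and "clone: from ..."; those are entries from the repository's HEAD reflog (`.git/logs/HEAD`), which is one of the files a web server hands out when the `.git` directory is world-readable. The following Python is an added example, not Repo Lookout's code nor anything from the Wotmap project: it builds the probe URLs for a host, tells a real `.git/HEAD` apart from a soft-404 HTML page, and parses a reflog into the "hash: message" form the report uses. The probe path list, the `check_host` fetcher interface and the sample reflog (including its clone URL) are my assumptions and constructed data, chosen so the parsed output lines up with the hashes in the report.

```python
"""Triage helpers for an "exposed .git directory" report (added example).

Three questions a responder wants answered: which URLs to probe, whether a
200 response is really a git file or just a soft-404 page, and what the
leaked reflog says about the history. Nothing here touches the network unless
check_host() is called with a real fetcher.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import urljoin

# Assumption: the scanner's exact probe list is not on the page; these are the
# files every non-bare repository has and that a misconfigured server exposes.
GIT_PROBE_PATHS = (".git/HEAD", ".git/config", ".git/logs/HEAD", ".git/index")

_SHA1 = re.compile(r"^[0-9a-f]{40}$")
# Reflog line: <old> <new> <name> <<email>> <unix-ts> <tz>\t<message>
_REFLOG_LINE = re.compile(
    r"^(?P<old>[0-9a-f]{40}) (?P<new>[0-9a-f]{40}) "
    r"(?P<ident>.+?) (?P<ts>\d+) (?P<tz>[+-]\d{4})\t(?P<msg>.*)$"
)


def probe_urls(host: str, scheme: str = "https") -> list[str]:
    """URLs to request when checking whether <host> leaks its .git directory."""
    base = f"{scheme}://{host}/"
    return [urljoin(base, path) for path in GIT_PROBE_PATHS]


def head_looks_like_git(body: str) -> bool:
    """True if a response body is a plausible .git/HEAD: a symbolic ref
    ('ref: refs/heads/...') or a detached 40-hex SHA-1. An HTML error page
    served with status 200 (the usual false positive) fails this check."""
    stripped = body.strip()
    first = stripped.splitlines()[0] if stripped else ""
    return first.startswith("ref: refs/") or bool(_SHA1.match(first))


@dataclass
class ReflogEntry:
    old: str
    new: str
    message: str


def parse_reflog(text: str) -> list[ReflogEntry]:
    """Parse .git/logs/HEAD; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = _REFLOG_LINE.match(line)
        if m:
            entries.append(ReflogEntry(m["old"], m["new"], m["msg"]))
    return entries


def recent_entries(text: str, n: int = 5) -> list[str]:
    """Newest n reflog entries as 'shorthash: message', like the report."""
    newest_first = reversed(parse_reflog(text))
    return [f"{e.new[:8]}: {e.message}" for e in newest_first][:n]


def check_host(host: str, fetch: Callable[[str], Optional[str]]) -> dict[str, bool]:
    """fetch(url) returns the body on 200 or None otherwise (caller supplies it).
    Returns, per probe URL, whether the response looks like a leaked git file."""
    results = {}
    for url in probe_urls(host):
        body = fetch(url)
        if body is None:
            results[url] = False
        elif url.endswith("/.git/HEAD"):
            results[url] = head_looks_like_git(body)
        else:
            results[url] = bool(body.strip())
    return results


# Constructed sample reflog (padded hashes, invented identity and clone URL),
# oldest entry first as git writes it. Not taken from the real repository.
_Z, _A, _B, _C = "0" * 40, "8d0f1b0e" + "0" * 32, "bf555062" + "0" * 32, "83c53c80" + "0" * 32
_ID = "Jane Doe <jane@example.invalid> 1689300000 +0200"
SAMPLE_REFLOG = "\n".join([
    f"{_Z} {_A} {_ID}\tclone: from https://example.invalid/wotmap.git",
    f"{_A} {_B} {_ID}\tcheckout: moving from master to wot_json",
    f"{_B} {_A} {_ID}\trebase (start): checkout master",
    f"{_A} {_C} {_ID}\trebase (continue): Update fa2rs",
    f"{_C} {_C} {_ID}\trebase (continue) (finish): returning to refs/heads/wot_json",
])

if __name__ == "__main__":
    for line in recent_entries(SAMPLE_REFLOG):
        print(line)
```

A live check is `check_host("wotmap.duniter.org", fetch)` with a `fetch` built on `urllib.request` or `requests` that returns `None` for non-200 responses; the fix on the server side is to deny every path beginning with `/.git` (or deploy only the working tree, without the `.git` directory).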