Security vulnerability on host "bytespeicher.lists.bytespeicher.org"
1 Jahr, 5 Monate
Repo Lookout Reporter
HOST: bytespeicher.lists.bytespeicher.org
UUID: fc4de9ee810
---------------------------------------------------------------------------
Hello there,
OUR SECURITY SCANNER "REPO LOOKOUT" HAS FOUND A VULNERABILITY ON A HOST FOR
WHICH YOU ARE LISTED AS THE CONTACT!
Repo Lookout is a non-commercial project to find inadvertently publicly
exposed source code repositories.
# DETAILS
The following URL was world-readable at the time of scanning (Mar 23 '23):
- https://bytespeicher.lists.bytespeicher.org/.git
This allows (at least partial) access to the site's underlying source code
repository.
For instance, the last code commit has been::
- 3d6555ac: clone: from https://gitlab.com/mailman/mailman-bundler.git
Such access to the repository could give an attacker insight into the
structure of the site (e.g. hidden functionality, critical bugs, or
credentials to third-party services) and enable downstream attacks (e.g.
data leakage, phishing, and extortion).
IT IS HIGHLY RECOMMENDED TO DISABLE ACCESS TO THE SOURCE CODE REPOSITORY!
# WHAT IS "REPO LOOKOUT"?
Repo Lookout is a large-scale security scanner, with a single purpose: Find
source code repositories that have been inadvertently exposed to the public
and report them to the domain's technical contact.
Visit https://www.repo-lookout.org/ to learn more about the project.
# SPONSORING
If you found this vulnerability report useful, please consider supporting
the project by becoming a sponsor on Ko-fi (https://ko-fi.com/repolookout).
Thank you very much!
Best regards,
The "Repo Lookout" Team
---------------------------------------------------------------------------
Copyright 2022–23
Crissy Field GmbH (https://www.crissyfield.de/)