Hello there,
Our security scanner Repo Lookout has found a vulnerability on a host for which you are listed as the contact!
Repo Lookout is a non-commercial project to find inadvertently publicly exposed source code repositories.
The following URL was world-readable at the time of scanning (Mar 23 '23):
This allows (at least partial) access to the site's underlying source code repository!
For instance, the last code commit has been:
3d6555ac: clone: from https://gitlab.com/mailman/mailman-bundler.git
Such access to the repository could give an attacker insight into the structure of the site (e.g. hidden functionality, critical bugs, or credentials to third-party services) and enable downstream attacks (e.g. data leakage, phishing, and extortion).
It is highly recommended to disable access to the source code repository!
Repo Lookout is a large-scale security scanner, with a single purpose: Find source code repositories that have been inadvertently exposed to the public and report them to the domain’s technical contact.
Visit www.repo-lookout.org to learn more about the project.
If you found this vulnerability report useful, please consider supporting the project by becoming a sponsor on Ko-fi. Thank you very much!
Best regards,
The „Repo Lookout“ Team