Description
Unreferenced repositories from version control systems such as Git, SVN, CVS, and Mercurial contain valuable information, including source code, historical changes, and usernames. Attackers may exploit unreferenced repositories to gain insight into an application’s codebase and potentially discover vulnerabilities.
Recommendation
To mitigate the risk of information disclosure, promptly remove unreferenced repositories from publicly accessible locations. Implement controls to prevent the deployment or exposure of repositories in the future.
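One way to implement such a control, as an added example that is not part of the original page: a pre-deployment check that fails when the directory about to be published contains Git, SVN, CVS, or Mercurial metadata. The function names and the choice to run it as a build step are assumptions.

```python
import os
import sys

# Metadata entries that Git, SVN, CVS and Mercurial leave in a working copy.
VCS_MARKERS = {".git": "Git", ".svn": "SVN", "CVS": "CVS", ".hg": "Mercurial"}


def find_vcs_metadata(web_root):
    """Return sorted (relative_path, vcs_name) pairs found under web_root."""
    findings = []
    for current, dirs, files in os.walk(web_root):
        reported = set()
        # ".git" can also be a plain file (submodule or worktree pointer),
        # so file names are checked as well as directory names.
        for name in dirs + files:
            vcs = VCS_MARKERS.get(name)
            if vcs is None:
                continue
            full = os.path.join(current, name)
            # A CVS admin directory holds Entries/Root files; a folder that
            # merely happens to be named "CVS" is not reported.
            if name == "CVS" and not any(
                os.path.isfile(os.path.join(full, f)) for f in ("Entries", "Root")
            ):
                continue
            findings.append((os.path.relpath(full, web_root), vcs))
            reported.add(name)
        # Do not descend into metadata directories that were just reported.
        dirs[:] = [d for d in dirs if d not in reported]
    return sorted(findings)


def main(argv):
    """Exit status 1 when metadata is present, so a build step can block the release."""
    if len(argv) != 2:
        print("usage: check_vcs.py <web_root>", file=sys.stderr)
        return 2
    findings = find_vcs_metadata(argv[1])
    for path, vcs in findings:
        print(f"{vcs} metadata in deploy artifact: {path}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the build output directory before publishing; a non-zero exit status means the artifact still carries repository metadata.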
References
- OWASP: Review Old Backup and Unreferenced Files for Sensitive Information
- CWE-200
- CWE-552
- CAPEC-118
- OWASP 2021-A5
Related Issues
- Sensitive Unreferenced Resource Found - Vulnerability
- Unreferenced Resource Found - Vulnerability
- Unreferenced Login Page Found - Vulnerability
- Old/Backup Resource Found - Vulnerability
Tags
- Information Disclosure
- Version Control
Last updated on May 13, 2024