Git Repository Served by Web Server

medium Nessus Plugin ID 65702

Synopsis

The remote web server may disclose information due to a configuration weakness.

Description

The web server on the remote host allows read access to a Git repository. This potential flaw can be used to download content from the Web server that might otherwise be private.

Solution

Verify that the listed Git repositories are served intentionally.

See Also

https://blog.skullsecurity.org/2012/using-git-clone-to-get-pwn3d

http://www.nessus.org/u?b573eafc

Plugin Details

Severity: Medium

ID: 65702

File Name: git_in_www.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 3/27/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning