Detections
Analytics

Git Repository Served by Web Server

medium Nessus Plugin ID 65702

Language:

Synopsis

The remote web server may disclose information due to a configuration weakness.

Description

The web server on the remote host allows read access to a Git repository. This potential flaw can be used to download content from the Web server that might otherwise be private.

Solution

Verify that the listed Git repositories are served intentionally.

See Also

https://blog.skullsecurity.org/2012/using-git-clone-to-get-pwn3d

http://www.nessus.org/u?b573eafc

Plugin Details

Severity: Medium

ID: 65702

File Name: git_in_www.nasl

Version: 1.6

Type: Remote

Family: CGI abuses

Published: 3/27/2013

Updated: 6/2/2026

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on an in-depth analysis by tenable.

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning