Millions of .Git Folders from US, China and Germany, Exposed to the Public

The Cybernews research team has discovered 1.9 million .git folders containing critical project data that are open to the public. The exposed folders are located mainly in the US (31%), followed by China (8%) and Germany (6.5%).


Git is a free and open-source distributed version control system (VCS) designed to coordinate work among programmers who create source code and to let them track changes. A .git folder contains critical project information, such as remote repository addresses, commit history logs and other critical metadata. Leaving all this data open to the public poses a risk because it can result in breaches and system exposure.


According to another investigation by Cybernews, CarbonTV, a US-based streaming service, had left a server with its source code exposed, endangering both user security and the reputation of the company. Due to weak control of access to the .git folder, the source code was leaked.


1.9 Million IP Addresses With Public Access to .Git Folder Structure


Despite the risks, a more recent Cybernews investigation, looking specifically at IPv4 (Internet Protocol version 4), showed that the most widely used web service ports, 80 and 444, are not always handled properly.


The research team discovered 1,931,148 IP addresses with live servers that had public access to the .git folder structure. 31% of the public .git folders are in the U.S., 8% in China and 6.5% in Germany.
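
As an added example (not part of the Cybernews report), a server owner can walk a web-served directory on their own host, list every deployed .git folder, and see which remote repository addresses its config would reveal; any userinfo in an http(s) remote URL is counted as a stored credential and redacted in the output. The function names, the sample docroot and the git.example.com remote are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed sample config; host, organisation and PLACEHOLDER secret are made up.
SAMPLE_CONFIG = '[core]\n\tbare = false\n[remote "origin"]\n\turl = https://deploy:PLACEHOLDER@git.example.com/acme/app.git\n'

def read_remotes(git_dir):
    """Parse [remote "name"] url entries from <git_dir>/config."""
    remotes, current = {}, None
    path = os.path.join(git_dir, "config")
    if not os.path.isfile(path):
        return remotes
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in map(str.strip, fh):
            if line.startswith("["):
                header = re.fullmatch(r'\[remote "(.+)"\]', line)
                current = header.group(1) if header else None
            elif current and re.match(r"url\s*=", line):
                remotes[current] = line.split("=", 1)[1].strip()
    return remotes

def audit_docroot(docroot):
    """List .git folders under a web-served directory and what their config reveals."""
    findings = []
    for current, dirs, _files in os.walk(docroot):
        git_dir = os.path.join(current, ".git")
        if ".git" in dirs and os.path.isfile(os.path.join(git_dir, "HEAD")):
            dirs.remove(".git")  # record the folder, but do not walk repository internals
            urls = read_remotes(git_dir)
            findings.append({
                "path": os.path.relpath(git_dir, docroot),
                "credentials_in_config": any(re.match(r"https?://[^/@\s]+@", u, re.I) for u in urls.values()),
                "remotes": {n: re.sub(r"://[^/@\s]+@", "://***@", u) for n, u in urls.items()},
            })
    return findings

def build_sample_docroot():
    """Constructed sample: a deployed app that still carries its .git folder."""
    root = tempfile.mkdtemp(prefix="docroot-")
    git_dir = os.path.join(root, "app", ".git")
    os.makedirs(git_dir)
    for name, text in {"HEAD": "ref: refs/heads/main\n", "config": SAMPLE_CONFIG}.items():
        with open(os.path.join(git_dir, name), "w", encoding="utf-8") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    print(audit_docroot(build_sample_docroot()))
```

Any path this reports sits inside the directory the web server publishes, so it should be removed from the deployment or blocked in the server configuration.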



