Task Description
Date: 12-01-2026
Researcher: Vinit Mevada
Severity: High - Critical
Hello alwaysdata Team,
I hope you are doing well. While performing a security assessment of your application, I identified a potential security issue related to the public exposure of the .git directory. Due to improper server configuration, the .git repository is accessible without authentication, which may lead to sensitive information disclosure.
Impact:
An attacker can download the complete Git repository, including source code and commit history.
Sensitive information such as configuration details, credentials, or API keys (if present in commits) can be exposed.
Access to source code enables attackers to analyze application logic and identify further vulnerabilities.
Disclosure of internal development information can result in intellectual property loss and increase the overall attack surface.
Steps to Reproduce:
Open a web browser.
Navigate to the following endpoint:
https://security.alwaysdata.com/.git/config
Observe that the .git directory or its internal files are accessible without authentication.
A screenshot of the accessible endpoint has been attached for reference.
Email to contact: vinitharsh20@gmail.com
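
An added example, not part of the original report: a defender-side check that scans web server access logs for requests reaching a `.git` directory and separates those the server answered with content from those it refused. The log lines are constructed samples in combined log format, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined/common log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def git_path(target):
    """Return the decoded path if a segment is exactly '.git', else None."""
    path = unquote(urlsplit(target).path)  # also catches %2Egit style encoding
    if any(seg.lower() == ".git" for seg in path.split("/")):
        return path
    return None  # .gitignore, .github etc. are not the repository directory

def audit(lines):
    """Group .git requests by whether the server returned content."""
    result = {"served": [], "not_served": []}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = git_path(m["target"])
        if path is None:
            continue
        status = int(m["status"])
        # 2xx and 304 mean the file content was (or had been) delivered
        served = 200 <= status < 300 or status == 304
        result["served" if served else "not_served"].append((m["ip"], path))
    return result

# Constructed sample log lines (documentation IP ranges)
SAMPLE = [
    '198.51.100.7 - - [12/Jan/2026:10:00:01 +0000] "GET /.git/config HTTP/1.1" 200 265 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Jan/2026:10:00:02 +0000] "GET /%2Egit/HEAD HTTP/1.1" 200 23 "-" "curl/8.0"',
    '192.0.2.10 - - [12/Jan/2026:10:05:00 +0000] "GET /.gitignore HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Jan/2026:10:06:00 +0000] "GET /app/.git/index HTTP/1.1" 403 153 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Jan/2026:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    for ip, path in report["served"]:
        print(f"EXPOSED  {ip} fetched {path}")
    for ip, path in report["not_served"]:
        print(f"refused  {ip} requested {path}")
```

Any entry under `served` means repository content left the server, so secrets present anywhere in the commit history should be treated as disclosed and rotated.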