Unreferenced Repository Found
Impact: High
Description
A repository keeps the versioning information of different documents. Repositories are usually used to maintain the source code of applications. The most common version control systems are Git, SVN, CVS, and Mercurial. Repositories contain the contents of the documents, usernames, the history of the changes, and other important information. Attackers can often find repositories that are present on the web server even though the website does not directly reference them.
Recommendation
Remove the whole repository directory and make sure it won’t get deployed in the future.
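One way to enforce this in a deployment pipeline is a gate that refuses to ship a directory tree containing metadata from any of the four version control systems named above. This is an added example, not part of the original page; the function names and the idea of running it before publishing are assumptions.

```shell
#!/bin/sh
# Deploy gate: fail if the tree to be published contains VCS metadata.

# Print every VCS metadata entry under directory $1, one path per line.
# - .git is matched as a directory or a file (submodules and worktrees
#   use a .git *file* that points at the real repository).
# - CVS is reported only when it holds an Entries file, so an ordinary
#   folder that happens to be called "CVS" is not flagged.
# Matched directories are pruned, so their contents are not listed.
find_vcs_metadata() {
    find "$1" \( -name .git -o -name .svn -o -name .hg \) -prune -print \
        -o -type f -path '*/CVS/Entries' -print
}

# Return 0 if the tree is clean, 1 if metadata was found,
# 2 if the path is not a directory (a typo must not pass the gate).
check_deploy_tree() {
    if [ ! -d "$1" ]; then
        echo "not a directory: $1" >&2
        return 2
    fi
    hits=$(find_vcs_metadata "$1")
    if [ -n "$hits" ]; then
        echo "VCS metadata found in deploy tree $1:" >&2
        echo "$hits" >&2
        return 1
    fi
    return 0
}

# When called with a path, act as the pipeline step itself.
if [ "$#" -gt 0 ]; then
    check_deploy_tree "$1"
    exit $?
fi
```

Run it against the build output directory as the last step before publishing, so a non-zero exit status stops the release.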
References
- OWASP: Review Old Backup and Unreferenced Files for Sensitive Information
- CWE-552
- CWE-200
- OWASP 2007-A6
- OWASP 2021-A1
Last updated on February 15, 2021