Unreferenced Repository Found

Description

A repository keeps the versioning information of different documents. They are usually used to maintain the source code of applications. The most common version control systems are Git, SVN, CVS, and Mercurial. Repositories contain the contents of the documents, usernames, history of the changes and, other important information. Attackers can often find unreferenced repositories not directly referenced in the website.

Recommendation

Remove the whole repository directory and make sure it won’t get deployed in the future.

References

• OWASP: Review Old Backup and Unreferenced Files for Sensitive Information
• CWE-552
• CWE-200
• OWASP 2007-A6
• OWASP 2021-A1