Back

Website contains Git metadata directory

By
Febna V M
Published on
19 Jun 2018
metadata

Git is a version control system intended to keep in track of the updates made by several developers across different systems. It is free and open source software that handles from small to large application development with speed and efficiency. Almost all companies like Google, Facebook, Microsoft and LinkedIn use git for development. Git has features like subversions, cheap local branching, convenient staging areas and multiple workforces. An attacker can extract sensitive information by requesting the hidden .git metadata directory.

Impact

One of the major impacts for this vulnerability is a major data breach using the .git file. The attacker will get the source code of the application along with sensitive information.

Mitigation / Precaution

Beagle recommends the following solutions:-

  • Restrict access to the .git directory or remove the .git directory.
        <Directory ~ "\.git">
        Order allow,deny
        Deny from all
        </Directory>
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.
Product tour
Written by
Febna V M
Febna V M
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.
Product tour