Website contains Git metadata directory

OWASP 2013-A5 OWASP 2017-A6 WSTG-INFO-05

Git is a version control system intended to keep in track of the updates made by several developers across different systems. It is free and open source software that handles from small to large application development with speed and efficiency. Almost all companies like Google, Facebook, Microsoft and LinkedIn use git for development. Git has features like subversions, cheap local branching, convenient staging areas and multiple workforces. An attacker can extract sensitive information by requesting the hidden .git metadata directory.

Impact

One of the major impacts for this vulnerability is a major data breach using the .git file. The attacker will get the source code of the application along with sensitive information.

Mitigation / Precaution

Beagle recommends the following solutions:-

  • Restrict access to the .git directory or remove the .git directory.
        <Directory ~ "\.git">
        Order allow,deny
        Deny from all
        </Directory>

    

Latest Articles