Nextcloud: GIT Detected

ID H1:221298
Type hackerone
Reporter lulliii
Modified 2017-04-20T09:58:38


Hello team, While i was testing, I've detected GIT repository files. GIT repository files can disclose GIT repository usernames and file lists. While disclosures of this type do not provide direct attack vectors, they can be useful for an attacker when combined with other vulnerabilities discovered within the application.


Page is showing: [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = fetch = +refs/heads/:refs/remotes/origin/ [branch "master"] remote = origin merge = refs/heads/master [branch "pricing"] remote = origin merge = refs/heads/pricing [branch "orderform"] remote = origin merge = refs/heads/orderform