Closed
Bug 1882223
Opened 2 years ago
Closed 1 year ago
Git folder exposed at mx.thunderbird.net
Categories
(Thunderbird :: General, defect)
Thunderbird
General
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: max, Assigned: sancus)
Details
Steps to reproduce:
curl https://mx.thunderbird.net/.git/configonfig
Actual results:
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = https://github.com/thundernest/http-mx.git
fetch = +refs/heads/:refs/remotes/origin/
[branch "master"]
remote = origin
merge = refs/heads/master
[branch "prod"]
remote = origin
merge = refs/heads/prod
Expected results:
Git index allows accessing the files list and source code through .git/objects/
Source code exposure could be risky.
|
||
Updated•2 years ago
|
Assignee: nobody → sancus
|
||
Updated•2 years ago
|
Component: Untriaged → General
|
|
||
Comment 1•1 year ago
|
||
Our code is open source, so exposure is not a concern.
Group: mail-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•