Information Leakage / Exposure of Sensitive Data in Git Repository
Exposure of sensitive data in a git repository is a type of information leakage vulnerability (CWE-200). It happens when sensitive data such as credentials, keys or tokens is accidentally committed and pushed to a public git repository, where anyone can read it. The vulnerability applies both to infrastructure and to web applications and APIs. According to the OWASP Testing Guide, this type of vulnerability can be found in web applications or web services that allow users to store data in a version control system such as git.
Exposure of sensitive data in a git repository can have serious consequences. It can lead to data breaches, identity theft, financial losses and reputational damage. Organizations should assess their exposure to this vulnerability and take steps to address it.
To prevent exposure of sensitive data in a git repository, organizations should ensure that sensitive data is never committed and pushed to a public git repository, for example by implementing processes and procedures that catch such data before it is committed. Additionally, organizations should restrict access to the git repository to authorized personnel only.
The following example shows a vulnerable code snippet where the developer stored the credentials in the repository:
#!/usr/bin/env python
# File: credentials.py
username = 'admin'
password = 'password123'
In this example, the developer stored the credentials in a file that was pushed to a public git repository, which exposed the sensitive data to anyone who had access to the repository. Deleting the file in a later commit does not undo the exposure: the credentials remain in the repository history, so they must be treated as compromised and rotated.
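One way to implement the "catch it before it is committed" process described above is a scanner run as a pre-commit hook over the staged diff. The following is an added example, not code from the original page; the credential-name list, the high-entropy token heuristic and its threshold are this example's own choices, and the SAMPLE input is constructed to mirror the credentials.py snippet.

```python
"""Secret scanner for staged changes (added example, not from the original page).
Flags hardcoded credential assignments like `password = 'password123'` and long
high-entropy tokens. Pattern list and threshold are this example's choices."""
import math
import re
import subprocess
import sys
from collections import Counter

# String literal assigned to a credential-like name, in code (=) or YAML/JSON (:).
CREDENTIAL_RE = re.compile(
    r"(?i)\b(password|passwd|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]([^'\"]{4,})['\"]")
# Long base64/hex-like runs that may be keys even without a telling variable name.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/_\-]{20,}")
ENTROPY_THRESHOLD = 3.5  # bits per character; random keys score well above this

# Constructed sample mirroring the vulnerable credentials.py shown above.
SAMPLE = "#!/usr/bin/env python\n# File: credentials.py\nusername = 'admin'\npassword = 'password123'\n"


def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def find_secrets(text: str, label: str = "<text>") -> list:
    """Return (label, line_no, reason) for each suspicious line of `text`."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if CREDENTIAL_RE.search(line):
            findings.append((label, no, "hardcoded credential assignment"))
        elif any(shannon_entropy(t) >= ENTROPY_THRESHOLD for t in TOKEN_RE.findall(line)):
            findings.append((label, no, "high-entropy token"))
    return findings


def scan_staged() -> list:
    """Scan only the lines being added by the staged diff; line_no counts added lines."""
    diff = subprocess.run(["git", "diff", "--cached", "-U0"],
                          capture_output=True, text=True, check=True).stdout
    added = "\n".join(l[1:] for l in diff.splitlines()
                      if l.startswith("+") and not l.startswith("+++"))
    return find_secrets(added, "staged diff")


if __name__ == "__main__":  # as a pre-commit hook, a non-zero exit blocks the commit
    hits = scan_staged() if "--staged" in sys.argv else find_secrets(SAMPLE, "credentials.py")
    for label, no, why in hits:
        print(f"{label}:{no}: {why}", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

Run without arguments it scans the constructed SAMPLE and reports line 4; installed as `.git/hooks/pre-commit` with `--staged` it scans only the lines a commit would add.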