Reminder: Security issue on your website guamnesty.org.uk

November 20, 2021 in main by guamnesty

Hello,
This is a kind reminder about a security issue we reported for your domain on October 22. Our data shows that one issue was still present within the last 72 hours. We realize that due to spam protection mechanisms, our original email might not have been delivered. We have therefore attached our original mail again below.
You can review more detailed information about the issue on your website and its remediation status by visiting our web interface at: notify.cispa.de/reports/guamnesty.org.uk/report-mztsO7io
Since this notification is part of an ongoing research project, we will re-check your website to verify if the issues have been fixed. If you wish us to stop this check, please visit our web interface at notify.cispa.de/reports/guamnesty.org.uk/report-mztsO7io to opt out or contact us at info@notify.cispa.de. Should you need further information or have any other questions, please do not hesitate to contact us using the same email address.
Help us improve our notification process with anonymous feedback at: notify.cispa.de/reports/guamnesty.org.uk/report-mztsO7io/notification_survey
Best regards,
Matthias Michels
———————————————–
Matthias Michels | Research Assistant
CISPA Helmholtz Center for Information Security
Stuhlsatzenhaus 5
66123 Saarbrücken
Germany

Original message:
Hello,
We are a group of security and privacy researchers from the CISPA Helmholtz Center for Information Security and Ruhr-University Bochum in Germany. As part of our current research project, we analysed potential security and data protection issues in websites. We are contacting this email address because our analysis tool found it on your website.
We would like to raise your attention to the following security issue on your website guamnesty.org.uk.
——– Publicly accessible Git repository ——–
If the configuration folder for Git (.git) is reachable through HTTP, an attacker may copy the content of this repository. This allows an attacker to access the source code versioned in this repository, including any credentials or other sensitive data possibly stored there.
Our automated analysis detected a publicly accessible Git repository on your website. Note that we only check for the existence of a repository and do not attempt to download any actual content. Hence, we cannot state if it contains any sensitive information.
You can review more detailed information about the security issue on your website and its remediation status by visiting our web interface at: notify.cispa.de/reports/guamnesty.org.uk/report-mztsO7io
Since this notification is part of an ongoing research project, we will re-check your website to verify if the issue has been fixed. If you wish us to stop this check, please visit our web interface at notify.cispa.de/reports/guamnesty.org.uk/report-mztsO7io to opt out or contact us at info@notify.cispa.de. Should you need further information or have any other questions, please do not hesitate to contact us using the same email address.
Help us improve our notification process with anonymous feedback at: notify.cispa.de/reports/guamnesty.org.uk/report-mztsO7io/notification_survey
Best regards,
Matthias Michels
———————————————–
Matthias Michels | Research Assistant
CISPA Helmholtz Center for Information Security
Stuhlsatzenhaus 5
66123 Saarbrücken
Germany
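
An added example, not part of the email above and not CISPA's tooling: a local audit a site operator could run over their own document root to list Git metadata directories the web server would serve, and to flag remote URLs with embedded credentials in .git/config. The function names, sample tree, host names and token are constructed for illustration.

```python
import os
import re
import tempfile

# A real repository's HEAD holds a symbolic ref or a raw object id.
HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40}|[0-9a-f]{64})$")
# Remote URL with inline credentials, e.g. https://user:token@host/repo.git
CRED_URL_RE = re.compile(r"url\s*=\s*\w+://[^/\s:@]+:[^/\s@]+@")

def _read(path):
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""

def audit_docroot(docroot):
    """List every Git metadata directory under docroot as a URL path."""
    findings = []
    for current, dirs, _files in os.walk(docroot):
        if ".git" not in dirs:
            continue
        dirs.remove(".git")  # do not descend into the repository itself
        git_dir = os.path.join(current, ".git")
        if not HEAD_RE.match(_read(os.path.join(git_dir, "HEAD")).strip()):
            continue  # a folder named .git that is not a repository
        rel = os.path.relpath(git_dir, docroot).replace(os.sep, "/")
        config = _read(os.path.join(git_dir, "config"))
        findings.append({"url_path": "/" + rel + "/",
                         "credentials_in_config": bool(CRED_URL_RE.search(config))})
    return sorted(findings, key=lambda f: f["url_path"])

def build_sample_docroot(root):
    """Constructed sample tree: two repositories and one decoy folder."""
    files = {
        ".git/HEAD": "ref: refs/heads/main\n",
        ".git/config": "url = https://deploy:EXAMPLE-TOKEN@git.example.invalid/site.git\n",
        "blog/.git/HEAD": "ref: refs/heads/master\n",
        "blog/.git/config": "url = git@git.example.invalid:blog.git\n",
        "docs/.git/notes.txt": "not a repository\n",
        "index.html": "<h1>home</h1>\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_docroot(tmp)
        print(audit_docroot(tmp))
```

Any path this reports should be moved out of the document root or blocked in the web server configuration, and any credential found in a served config should be rotated.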