Description
During the scan, Cytrix managed to find a .git folder.
The .git folder is a GitHub directory containing information and hashes of files and directories of the repository he is associated with. During the scan, Cytrix found that the file is exposed and available for everyone to download.
An attacker could access very sensitive information including usernames, passwords, ports, and IP addresses of a database.
Severity/Score
CVSS Version 3.x – 5.3 Medium
Recommendation
To prevent this vulnerability, Ensure that the directory access is blocked by configuring the .htaccess file or by removing the “/.git/” from the server entirely.