Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Git Mailmap File Disclosure" module is designed to detect a misconfiguration vulnerability in Git repositories. Git is a distributed version control system commonly used for source code management. This module focuses on the exposure of the ".mailmap" file, which contains email aliases for Git authors.
The severity of this vulnerability is classified as low.
Original authors of this module are geeknik and DhiyaneshDK.
If the ".mailmap" file is exposed, it can potentially reveal sensitive information such as email addresses associated with Git authors. This information could be used for social engineering attacks or targeted phishing attempts.
The "Git Mailmap File Disclosure" module sends an HTTP GET request to the "/.mailmap" path of a Git repository. It then applies a series of matching conditions to determine if the vulnerability is present.
The matching conditions for this module are as follows:
- The response body must not contain the phrase "# Theresa O'Connor:" - The response headers must include the word "application/octet-stream" - The response status code must be 200 - The response body must match the regular expression for email addressesIf all of these conditions are met, the module reports a vulnerability.
It is important to note that this module does not provide any remediation steps. If a vulnerability is detected, it is recommended to secure the ".mailmap" file by restricting access to authorized users only.
For more information, you can refer to the official Git documentation on the .mailmap file.
Metadata:
- Verified: true - Shodan query: html:mailmap