Questions tagged [scm]

3 questions
5 votes, 1 answer

What could an attacker do on a server where Source Control Management (SCM) files are accessible?

I'm testing some servers with OpenVAS and I run into some SCM files that are remotely accessible: .git/config .git//info/exclude .git/description .git/HEAD that contains refs/heads/master and .git/refs/heads/master that contains a hash I'm new to…
EQT_STRIKE
0 votes, 2 answers

Why Software Configuration Management tools (SCMs) authenticate only client instead of server?

I've noted that probably all of the 4 popular Software Configuration Management Tools (SCMs), i.e. Puppet, Ansible, Chef, Salt use only clients' authentication instead of the server authentication – correct me if I'm wrong (I suspect I'm wrong,…
0 votes, 1 answer

How can I download an exposed mercurial directory?

I have a client with an open .hg directory. For example, the URL http://example.com/.hg/dirstate shows a plain text config file. They have not enabled directory listing, so http://example.com/.hg/ gives a 403 Forbidden page. I want to download the…
Sjoerd