CWE-527: Exposure of Version-Control Repository to an Unauthorized Control Sphere

The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Version control repositories such as CVS or git store version-specific metadata and other details within subdirectories. If these subdirectories are stored on a web server or added to an archive, then these could be used by an attacker. This information may include usernames, filenames, path root, IP addresses, and detailed "diff" data about how files have been changed - which could reveal source code snippets that were never intended to be made public.

CWE-527: Exposure of Version-Control Repository to an Unauthorized Control Sphere

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Frequently asked questions

What is CWE-527?

What CVEs are caused by CWE-527?

How do you prevent CWE-527?

What are the consequences of CWE-527?

Is CWE-527 actively exploited?

References

Stay ahead of CWE-527

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Related weaknesses

Parent

Frequently asked questions

What is CWE-527?

What CVEs are caused by CWE-527?

How do you prevent CWE-527?

What are the consequences of CWE-527?

Is CWE-527 actively exploited?

References

Stay ahead of CWE-527