Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co.
(trufflesecurity.com)
from vsis@feddit.cl to cybersecurity@sh.itjust.works on 25 Jul 2024 12:09
https://feddit.cl/post/3545817
tl;dr - If a project has been forked or is a fork, you can brute-force short commit IDs to see commits from other projects. It doesn’t matter if those projects were deleted or made private.
Literally “it’s a feature, not a bug”. Absolutely hilarious that they don’t think this is an issue. I can only hope that other sourceforges don’t just copy this behavior “beCaUSe GiTHuB dOeS iTT!!!”.
Anti Commercial-AI license