CWE-527
Exposure of Version-Control Repository to an Unauthorized Control Sphere
The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.
Mitigation
Phases: Operation, Distribution, System Configuration
Description:
- Recommendations include removing any CVS directories and repositories from the production server, disabling the use of remote CVS repositories, and ensuring that the latest CVS patches and version updates have been applied.
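One way to check a release for leftover repository metadata before it reaches the production server, given here as an added example that is not part of the CWE entry. It goes beyond the CVS case named above to cover the metadata directories of git, Subversion, Mercurial and Bazaar, and it also inspects tar and zip archives; the function names and the sample release tree are constructed for illustration.

```python
import os
import tarfile
import zipfile

# Metadata directory names used by common version-control systems.
VCS_NAMES = {"CVS", ".git", ".svn", ".hg", ".bzr"}


def vcs_hits_in_tree(root):
    """Return sorted relative paths of VCS metadata under root (.git may be a file)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            if name in VCS_NAMES:
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
        # Do not descend into metadata directories; one hit per repository.
        dirnames[:] = [d for d in dirnames if d not in VCS_NAMES]
    return sorted(hits)


def vcs_hits_in_archive(path):
    """Return sorted top-most VCS metadata paths inside a tar or zip archive."""
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            members = zf.namelist()
    else:
        with tarfile.open(path) as tf:
            members = tf.getnames()
    hits = set()
    for member in members:
        parts = member.strip("/").split("/")
        for i, part in enumerate(parts):
            if part in VCS_NAMES:
                hits.add("/".join(parts[: i + 1]))
                break
    return sorted(hits)


def build_sample_release(base):
    """Constructed sample: a release tree that shipped with repository metadata."""
    for d in ("site/.git/objects", "site/docs/CVS", "site/static"):
        os.makedirs(os.path.join(base, d))
    for f in ("site/index.html", "site/.git/HEAD", "site/docs/CVS/Entries"):
        with open(os.path.join(base, f), "w") as fh:
            fh.write("constructed sample\n")
    archive = os.path.join(base, "release.tar.gz")
    with tarfile.open(archive, "w:gz") as tf:
        tf.add(os.path.join(base, "site"), arcname="site")
    return os.path.join(base, "site"), archive
```

Run as a gate in the build or deployment pipeline, a non-empty result from either function is a reason to fail the release.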
No CAPEC attack patterns related to this CWE.