TF 0367 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
GitHub repository shouldn't be public.
Property | Value |
---|---|
Language | |
Severity | |
Service | repositories |
Provider | GitHub |
Vulnerability Type | omission |
Description
The configuration allows a GitHub repository to be public, making all its contents accessible to anyone on the internet. Sensitive code, credentials, or intellectual property stored in the repository are exposed without restriction.
Impact
Attackers or unauthorized users can freely access, copy, and distribute the repository's contents, potentially leading to data leaks, intellectual property theft, or compromise of other systems if secrets are exposed.
Resolution
Make sensitive or commercially important repositories private.
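
The exposed and corrected settings side by side, as an added example that is not part of the original database entry. It assumes the rule applies to the `github_repository` resource of the Terraform GitHub provider (`integrations/github`); the repository and resource names are hypothetical.

```hcl
terraform {
  required_providers {
    github = {
      source = "integrations/github"
    }
  }
}

# Exposed by omission: neither `visibility` nor the deprecated `private`
# argument is set, so the provider creates the repository as public.
resource "github_repository" "billing_service_omitted" {
  name        = "billing-service-omitted" # hypothetical name
  description = "Internal billing service"
}

# Exposed explicitly: the repository is declared public.
resource "github_repository" "billing_service_public" {
  name       = "billing-service-public" # hypothetical name
  visibility = "public"
}

# Corrected: visibility is stated explicitly, so the repository does not
# fall back to the public default.
resource "github_repository" "billing_service_private" {
  name       = "billing-service-private" # hypothetical name
  visibility = "private"
}

# Corrected, organization-wide read access only: "internal" is accepted
# when the organization belongs to a GitHub Enterprise account.
resource "github_repository" "billing_service_internal" {
  name       = "billing-service-internal" # hypothetical name
  visibility = "internal"
}
```

Changing `visibility` on a repository that was already public does not recall clones or forks made earlier, so any secret it contained still needs to be rotated.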