Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible Vulnerability #1

Closed
HKResearch opened this issue Jul 3, 2014 · 1 comment
Closed

Possible Vulnerability #1

HKResearch opened this issue Jul 3, 2014 · 1 comment

Comments

@HKResearch
Copy link

Hello,

We are conducting research on the unintended exposure of secrets in GitHub repositories. In a recent scan we conducted of GitHub repositories, our tool detected that one of your repositories appears to expose a secret, and we've confirmed this possibility by manual inspection. The details are below:

# Branch: master
## File: portfolio/publish/blog/wp-config.php
## Line: 22


# Branch: master
## File: portfolio/publish/blog/wp-config.php
## Line: 28


# Branch: master
## File: portfolio/publish/blog/wp-config.php
## Line: 25


# Branch: master
## File: portfolio/blog/wp-config.php
## Line: 22


# Branch: master
## File: portfolio/blog/wp-config.php
## Line: 28


# Branch: master
## File: portfolio/blog/wp-config.php
## Line: 25

If this information is indeed intended to be secret, we would recommend that you remove this file from the repository (using .gitignore) and generate new passwords for the vulnerable accounts. We would much appreciate a response, letting us know if we are mistaken in concluding that this is a secret, or if you made changes as a result of this report.

Thank you.
@jkarpala
Copy link
Owner

jkarpala commented Jul 3, 2014

Hi,

Thank you,

I've remove the two files from the repository

thanks,
Jeff

On Thu, Jul 3, 2014 at 2:55 PM, HKResearch notifications@github.com wrote:

Hello,

We are conducting research on the unintended exposure of secrets in GitHub
repositories. In a recent scan we conducted of GitHub repositories, our
tool detected that one of your repositories appears to expose a secret, and
we've confirmed this possibility by manual inspection. The details are
below:

Branch: master

File: portfolio/publish/blog/wp-config.php

Line: 22

Branch: master

File: portfolio/publish/blog/wp-config.php

Line: 28

Branch: master

File: portfolio/publish/blog/wp-config.php

Line: 25

Branch: master

File: portfolio/blog/wp-config.php

Line: 22

Branch: master

File: portfolio/blog/wp-config.php

Line: 28

Branch: master

File: portfolio/blog/wp-config.php

Line: 25

If this information is indeed intended to be secret, we would recommend
that you remove this file from the repository (using .gitignore) and
generate new passwords for the vulnerable accounts. We would much
appreciate a response, letting us know if we are mistaken in concluding
that this is a secret, or if you made changes as a result of this report.

Thank you.


Reply to this email directly or view it on GitHub
#1.

@jkarpala jkarpala closed this as completed May 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jkarpala @HKResearch