Git is the most popular software version control (SVC) standard used by developers today. Whether you’re using GitLab, GitHub, or a locally hosted Git server, there are many security issues that can sneak up on you and start a snowball effect of unpleasant repercussions. In this post, we’ll review just how secure Git is (or rather isn’t). We will demonstrate why and how serious Git security issues can be. Then, we’ll list the eight most common Git security issues, and what you can do about them.

How secure is Git?

At its core, Git is not built for security but for collaboration. As such, it is not secure, but it can be made secure through the use of tools and best practices. Self-hosting a Git server is a security nightmare. If you are not an experienced maven in Git server configuration, you are probably not qualified to maintain a self-hosted Git solution hosting sensitive data. There are too many opportunities to exploit a misconfigured or unpatched Git server, so you may very well end up leaving a lot of holes for hackers to exploit.

Even hosted Git services such as GitHub or GitLab offer limited security. Such services offer an easy-to-use interface with enhanced access controls. However, their convenience and ease of use can prove to be a hindrance as well, often leading to human error. This is especially true when code commits are not properly screened by secret detection tools. With many companies relying on Git for code management, Git has become a popular attack vector for hackers. There are numerous cautionary tales depicting the outcome of badly configured or insecure Git management. These are just the tip of the iceberg:

Two databases and a Spreadsheet

An employee at the Albert Einstein Hospital in Sao Paulo accidentally committed a sensitive spreadsheet file to a public GitHub repository. The spreadsheet in question included login credentials to two governmental databases. The first database contained private information on patients suffering from mild COVID-19 conditions. The second database held full patient hospitalization data. Overall, the leak exposed personally identifying medical records of over 16 million Brazilian patients. The list included high-profile patients such as the Brazilian President, his family, 7 Ministers, and 17 state Governors.

Nissan takes a wrong turn

Automotive giant Nissan’s North America division suffered a massive data breach because of bad password hygiene. The company’s self-hosted Git server was misconfigured to use the default “admin/admin” password. This left the door completely open for hackers to step right in. The leak was only discovered after the source code behind Nissan’s mobile apps, websites and internal tools surfaced on hacking forums and Telegram groups.

Don’t leave the doors open, Mercedes

A Swiss software engineer discovered a GitLab instance hosting onboard logic unit source code used in Daimler’s Mercedes-Benz vans. This could potentially lead to future exploits based on vulnerabilities hackers may discover within the pilfered code.
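The screening of commits by secret detection tools mentioned above, as an added example that is not part of the original post: a minimal pre-commit check that parses the staged unified diff and flags added lines matching a few high-confidence credential patterns. The rule set, the hook wiring and the sample diff are constructed for illustration; dedicated scanners ship far larger rule sets.

```python
"""Minimal pre-commit secret screen for staged changes (added example)."""
import re
import subprocess
import sys

# Constructed, deliberately narrow rules: shapes that are almost never legitimate in a commit.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?[^\s'\"]{6,}"),
}

def scan_diff(diff_text):
    """Return (file, new_line_no, rule) for every *added* line of a unified diff that matches a rule."""
    findings, current_file, new_line_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("+++ "):                 # new-side file header, e.g. "+++ b/config.env"
            current_file = line[4:]
            current_file = current_file[2:] if current_file.startswith("b/") else current_file
            in_hunk = False
        elif line.startswith("@@"):                 # hunk header "@@ -a,b +c,d @@": c is the first new-side line
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", line)
            new_line_no, in_hunk = (int(m.group(1)) if m else 1), True
        elif in_hunk and line.startswith("+"):      # added line: the only content that can leak something new
            for rule, pattern in SECRET_PATTERNS.items():
                if pattern.search(line[1:]):
                    findings.append((current_file, new_line_no, rule))
            new_line_no += 1
        elif in_hunk and line.startswith(" "):      # context line advances the counter; "-" lines do not
            new_line_no += 1
    return findings

def staged_diff():
    """Unified diff of what is about to be committed (assumes git is on PATH and we are inside a repo)."""
    return subprocess.run(["git", "diff", "--cached", "--unified=0"],
                          capture_output=True, text=True, check=True).stdout

# Constructed sample diff: a config file whose new version carries a password and an AWS-style key id.
SAMPLE_DIFF = """diff --git a/config.env b/config.env
--- a/config.env
+++ b/config.env
@@ -1,2 +1,3 @@
 DB_HOST=db.internal
-DB_PASSWORD=changeme
+DB_PASSWORD=Tr0ub4dor&3
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
"""

if __name__ == "__main__":
    hits = scan_diff(staged_diff())
    for path, line_no, rule in hits:
        print(f"{path}:{line_no}: possible secret ({rule})")
    sys.exit(1 if hits else 0)   # a non-zero exit blocks the commit when installed as .git/hooks/pre-commit
```

Running `scan_diff(SAMPLE_DIFF)` reports the password on line 2 and the key id on line 3 of config.env while ignoring the removed old password, which is the behaviour a hook needs so that cleaning up a secret is never itself flagged.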