Exposed Git Repo at http://fileserver.dropboxbusiness.com
State Resolved (Closed)
Disclosed publicly 2018-09-14T01:20:08.565Z
Reported To
Weakness Information Disclosure
Bounty $1,024

Summary by todayisnew

The report revealed an exposed git repository on a vendor that Dropbox uses. This endpoint could allow an attacker to retrieve much of the source code and git history for this service, which could potentially reveal sensitive information like application secrets. Thankfully, after performing an investigation, no particularly sensitive information was exposed, and risk was minimized as a result.

Timeline
submitted a report to Dropbox.
2018-02-17T13:57:16.606Z

Regards,
Frans

nlattimer Activities::BugTriaged
2018-02-18T02:58:23.818Z


nlattimer Activities::Comment
2018-02-18T03:01:33.116Z


Activities::BountyAwarded
2018-02-18T03:05:42.504Z


nlattimer Activities::BugResolved
2018-02-23T21:39:55.315Z


todayisnew Activities::Comment
2018-02-25T19:21:38.646Z


nlattimer Activities::Comment
2018-02-26T06:25:32.584Z


Activities::BountyAwarded
2018-04-14T20:30:49.221Z


todayisnew Activities::Comment
2018-04-15T15:22:53.775Z


nlattimer Activities::Comment
2018-04-15T22:51:46.405Z


todayisnew Activities::AgreedOnGoingPublic
2018-09-14T00:46:48.311Z


nlattimer Activities::AgreedOnGoingPublic
2018-09-14T01:20:08.448Z


nlattimer Activities::ReportBecamePublic
2018-09-14T01:20:08.607Z