A code repository used by the New York State IT department is exposed on the internet, making internal projects accessible to everyone. Some of those projects contain secret keys and passwords related to the state system.
The exposed GitLab server was discovered Saturday by Dubai-based SpiderSilk, a cybersecurity firm credited with discovering data breaches in Samsung, Clearview AI and MoviePass.
Organizations use GitLab to co-develop and store source code — including the secret keys, tokens, and passwords needed for projects to run — on servers they control.
But the exposed server is accessible from the internet and configured so anyone outside the organization can create a user account and log in without restrictions, SpiderSilk's chief security officer Mossab Hussein told TechCrunch.