Unverifiable files

Description

The repository stores files that either cannot be verified or should not be versioned, such as binary files, logs or temporary files.

Impact

  • Makes versioning and the security auditing process harder.
  • Introduces vulnerabilities from previous versions into the repository.

Recommendation

  • Remove the files that should not be versioned from the repository.
  • Include the affected extensions in the .gitignore file.
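The following script is an added example, not part of the original page and not Fluid Attacks' own tooling. It implements the two recommendations as a check: it lists the files Git tracks, flags those that cannot be reviewed as text (either by an assumed list of artefact, log and temporary-file extensions, or because the first bytes contain a NUL byte, the same heuristic Git uses to call a blob binary), and derives the .gitignore patterns that would keep them out of future commits. `build_sample_tree` creates a constructed mini working tree for demonstration; `MyJar.class` is the example file name from the page.

```python
import subprocess
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Extensions that should normally never be versioned (an assumed list for this
# example; extend it to match the project's own build outputs).
UNVERIFIABLE_EXTENSIONS = {
    ".class", ".jar", ".war", ".exe", ".dll", ".so", ".o", ".pyc",
    ".zip", ".tar", ".gz", ".log", ".tmp", ".swp", ".bak",
}

NUL_PROBE_SIZE = 8192  # Git likewise samples the start of a blob for NUL bytes


def is_binary(data: bytes) -> bool:
    """Return True if the sample contains a NUL byte (Git's own binary heuristic)."""
    return b"\x00" in data[:NUL_PROBE_SIZE]


def unverifiable_reason(path: Path) -> Optional[str]:
    """Explain why a file cannot be reviewed as text, or return None if it can."""
    suffix = path.suffix.lower()
    if suffix in UNVERIFIABLE_EXTENSIONS:
        return f"extension {suffix}"
    try:
        with path.open("rb") as fh:
            if is_binary(fh.read(NUL_PROBE_SIZE)):
                return "binary content (NUL byte)"
    except OSError:
        return None  # submodule gitlinks or deleted files: nothing to inspect
    return None


def tracked_files(repo: Path) -> List[Path]:
    """Paths in the Git index (git ls-files -z); empty list if git is unavailable."""
    try:
        out = subprocess.run(
            ["git", "-C", str(repo), "ls-files", "-z"],
            check=True, capture_output=True,
        ).stdout
    except (OSError, subprocess.CalledProcessError):
        return []
    return [repo / p.decode() for p in out.split(b"\0") if p]


def audit(files: List[Path], repo: Path) -> Dict[str, str]:
    """Map repo-relative path -> reason, for every unverifiable file in the list."""
    findings: Dict[str, str] = {}
    for path in files:
        reason = unverifiable_reason(path)
        if reason:
            findings[path.relative_to(repo).as_posix()] = reason
    return findings


def gitignore_patterns(findings: Dict[str, str]) -> List[str]:
    """One '*.ext' pattern per offending extension; the exact path when there is none."""
    patterns = set()
    for rel in findings:
        suffix = Path(rel).suffix.lower()
        patterns.add(f"*{suffix}" if suffix else rel)
    return sorted(patterns)


def build_sample_tree() -> Tuple[Path, List[Path]]:
    """Create a constructed mini working tree in a temp dir (sample data, not a real project)."""
    base = Path(tempfile.mkdtemp())
    sample = {
        "src/App.java": b"public class App {}\n",        # reviewable source
        "README.md": b"# demo\n",                          # reviewable text
        "build/MyJar.class": b"\xca\xfe\xba\xbe\x00\x00",  # compiled artefact
        "debug.log": b"INFO started\n",                    # text, but a log file
        "assets/blob.bin": b"\x89PNG\x00\x01",             # binary by content
        "tools/helper": b"\x7fELF\x00\x02",                # binary, no extension
    }
    files = []
    for rel, content in sample.items():
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)
        files.append(path)
    return base, files


if __name__ == "__main__":
    import sys
    repo = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.cwd()
    found = audit(tracked_files(repo), repo)
    for rel, why in sorted(found.items()):
        print(f"{rel}: {why}")
    if found:
        print("\n# suggested .gitignore additions")
        print("\n".join(gitignore_patterns(found)))
```

Run it from the root of a checkout (or pass the path as the first argument); anything it reports should be removed from the index with `git rm --cached` and covered by the printed patterns. The extension check runs before the content check so that text-based artefacts such as logs are still caught, and the NUL-byte check catches binaries with unusual or missing extensions.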

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⌚ 15 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: N
  • Attack complexity: H
  • Privileges required: L
  • User interaction: N
  • Scope: U
  • Confidentiality: N
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code maturity: U
  • Remediation level: X
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X
  • Score:
    • Base: 3.1
    • Temporal: 2.9
  • Severity:
    • Base: Low
    • Temporal: Low

Code Examples

Compliant code

There are no binary files in the repository.

Non compliant code

The master branch of the repository stores binary or otherwise unverifiable files, e.g. MyJar.class.

Requirements