Threat actors could potentially compromise hundreds of thousands of websites due to a vulnerability within the Git open source development tool, TechRadar reports.
Defense.com noted that 332,000 websites, including 2,500 using the .gov domain, are at risk of potential data loss stemming from the flaw, which could be exploited to discover and download .git folders that contain websites' codebase histories, comments, security keys, previous code changes, sensitive remote paths, and plain-text passwords.
Attackers could also gain access to API keys and database credentials, as well as determine other potentially exploitable bugs, according to researchers.
Security vulnerabilities are prevalent in open source technology as a result of its publicly accessible code and should prompt organizations to apply immediate remediation efforts, said Defense.com CEO Oliver Pinson-Roxburgh.
"Whilst it is true that some folders would have been purposefully left accessible, the vast majority will be unaware of the threat they are facing," Pinson-Roxburgh added.
Numerous sites at risk of exposure due to Git vulnerability
Threat actors could potentially compromise hundreds of thousands of websites due to a vulnerability within the Git open source development tool, TechRadar reports.
Such newly secured funds will be leveraged by the firm, which offers a complete risk management platform for managed service providers, to advance product development, sales, and marketing initiatives, as well as bolster customer support investments, according to Cyrisma.
Affected by the flaw, which has remained unresolved since being detailed by SSD Disclosure in an advisory late last month, were Linear eMerge E3 versions 0.32-03i, 0.32-04m, 0.32-05p, 0.32-05z, 0.32-07p, 0.32-07e, 0.32-08e, 0.32-08f, 0.32-09c, 1.00.05, and 1.00.07, according to SSD Disclosure.