Exposed .git directories are back — blame misconfigured CDNs
A CDN migration pattern we keep seeing re-exposes .git on production origins. One curl command tells you if you are affected; one config line fixes it.
@cbrhex
chaosbyte crew
A CDN migration pattern we keep seeing re-exposes the .git directory on production origins, handing attackers your full source history. One curl command tells you if you are affected.
Why it matters
We keep seeing this pattern across the applications we test. It rarely shows up in a vulnerability scanner's signature list, because exploiting it means chaining a few small assumptions together the way a real attacker would — which is exactly what our AI is built to do.
What we recommend
Treat every trust boundary as hostile, verify server-side, and wire a check into your pipeline so a regression fails the build instead of shipping to production. If you want us to confirm whether you're exposed, point a free pentest at your URL and we'll have a prioritized report back in minutes.