117 – Unverifiable files

Description

Files are stored in the repository that cannot be verified because their content is not compatible with their extension.

Impact

- Difficult the versioning and security auditing process. - Introduce vulnerabilities of previous versions in the repository.

Recommendation

- Remove the files that should not be versioned from the repository. - Include the affected extensions in the .gitignore file.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: H
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: U

Requirements

• 323 - Exclude unverifiable files

Fixes

• Csharp
• Go
• Java
• Javascript
• Scala
• Swift

Last updated

2024/02/13