Snippets Groups Projects

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

New issue look: Off

Private repository names publicly checkable with 'git push'

It's possible to check publicly if a private repository with a certain name exists.

Steps to reproduce

try to push to existing/non-existing repository via HTTP/HTTPS

Initialize repository

# initialize repository
git init test
cd test
touch foo
git add foo
git commit -m "Add foo"

Push to existing repository

# push via HTTPS
git push https://gitlab.com/gitlab-org/gitlab-ce.git master
Username for 'https://gitlab.com':

Repository exists. The output is the same for existing private repositories.

Push to non-existing repository

git push https://gitlab.com/gitlab-org/non-existing.git master
remote: Not Found
fatal: repository 'https://gitlab.com/gitlab-org/non-existing.git/' not found

Repository doesn't exist, user is not asked for login data.

Possible fixes

check user authentication before checking repository status

Tested with GitLab 6.9.1 and currently installed version at GitLab.com.

Designs

Child items ...

Activity

username-removed-2900 Status changed to closed 10 years ago

Status changed to closed
username-removed-2900 @razer6 · 10 years ago

Maintainer

Fixed in https://github.com/gitlabhq/gitlabhq/commit/8c47a72a4ed3df2327104e029307b5d804525886
Nikola Milojevic mentioned in merge request !14785 4 years ago

mentioned in merge request !14785

Please register or sign in to reply

Due date

None

Health status

None

Confidentiality

Confidentiality controls have moved to the issue actions menu () at the top of the page.

0 Participants