
Important: Exposed MongoDB cluster in your code #226

Open
GaillardTom opened this issue Mar 14, 2025 · 0 comments

Warning

You have an exposed MongoDB cluster containing multiple databases in this repository.

Hey percona, if you receive this issue, don't panic. I am a friendly automated script looking around the internet, and I just want to let you know that you have an exposed MongoDB cluster in your code.

I was able to connect and expose those databases from your cluster:

  • test
  • admin
  • local

A malicious attacker could leak data and get credentials to your or other people's services/systems. Even if you know that no sensitive information is stored inside it, it is still very dangerous. I do not know what kind of information your databases hold, but a malicious attacker could easily dump all the content, so please make sure to follow these steps:

  1. Put your secrets in a .env file
  2. Use a library like dotenv to load the environment variables from your file onto your code
  3. At this point, I would suggest either using GitHub's tool to erase the history, or deleting the repo on GitHub, removing the .git folder locally and recreating a new repo with a clean history

In the future, make sure not to expose your secrets, especially your MongoDB URI, as it contains your username and password combination. Make sure to create a .env file and load your environment variables into your code accordingly.

If you like what I am doing for the community, please feel free to follow my GitHub account @GaillardTom
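Added example (not from the issue author or the percona project): a scanner that flags MongoDB connection strings with embedded credentials in source text, beside the hardened pattern of taking `MONGODB_URI` from a `.env` file and refusing to start without it. The `.env` parser is a minimal stand-in for dotenv so the block runs without the package; the regex, function names and sample values are constructed for this example.

```javascript
// Matches mongodb:// and mongodb+srv:// URIs whose authority carries user:password@.
// Hypothetical pattern written for this example; tune it for your code base.
const MONGO_URI_WITH_CREDS =
  /\bmongodb(?:\+srv)?:\/\/([^\s:@\/]+):([^\s@\/]+)@([^\s\/?"'`]+)/g;

// Scan file contents and report every embedded credential, with the password
// redacted so the finding itself can be logged or filed as an issue safely.
function findEmbeddedMongoCredentials(source) {
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    for (const m of text.matchAll(MONGO_URI_WITH_CREDS)) {
      findings.push({ line: idx + 1, user: m[1], host: m[3], redacted: m[0].replace(m[2], '***') });
    }
  });
  return findings;
}

// Minimal KEY=VALUE parser standing in for dotenv so the example runs offline;
// blank lines and # comments are skipped, surrounding quotes are stripped.
function parseDotEnv(text) {
  const env = {};
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, '$2');
  }
  return env;
}

// Hardened pattern: the URI comes only from the environment, and the process
// refuses to start without it instead of falling back to a hard-coded default.
function mongoUriFromEnv(env) {
  const uri = env.MONGODB_URI;
  if (!uri) throw new Error('MONGODB_URI is not set; put it in .env, not in the code');
  return uri;
}

// Constructed sample: a source file with the vulnerable, hard-coded form.
const SAMPLE_SOURCE = [
  'const { MongoClient } = require("mongodb");',
  'const client = new MongoClient("mongodb+srv://appuser:Sup3rS3cret@cluster0.example.net/app");',
].join('\n');

for (const f of findEmbeddedMongoCredentials(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: credentials for ${f.user}@${f.host} in ${f.redacted}`);
}
```

Run the scanner as a pre-commit hook over staged files; a hard-coded URI that passes the scan because it has no `user:password@` part is still worth moving to `.env`.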
