You have an exposed MongoDB cluster containing multiple databases in this repository.
Hey percona, if you receive this issue, don't panic. I am a friendly automated script looking around the internet, and I just want to let you know that you have an exposed MongoDB cluster in your code.
I was able to connect and expose those databases from your cluster:
test
admin
local
A malicious attacker could leak data and get credentials to your or people's services/system. Even if you know that no sensitive information is stored inside it, it is still very dangerous. I do not know what kind of information your databases hold, but a malicious attacker could easily dump all the content. Please make sure to follow these steps:
Put your secrets in a .env file
Use a library like dotenv to load the environment variables from your file onto your code
At this point, I would suggest either using GitHub's tool to erase the history, or you could delete the repo on GitHub, remove the .git folder locally and recreate a new repo with a clean history
In the future, make sure not to expose your secrets, especially your MongoDB URI, as it contains your username and password combination. Make sure to create a .env file and load your environment variables into your code accordingly.
If you like what I am doing for the community, please feel free to follow my github account @GaillardTom
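As an added example that is not part of the original issue or of any project's code: a check that flags MongoDB connection strings with an embedded username and password in source text, next to a loader that takes the URI from the environment instead. The variable name `MONGODB_URI`, the function names and the sample source lines are assumptions constructed for illustration.

```javascript
// Added example: flag MongoDB URIs that embed credentials in source text.
// All names and sample values below are constructed for illustration.

// Matches mongodb:// and mongodb+srv:// URIs of the form user:password@host.
const MONGO_URI_WITH_CREDS =
  /(mongodb(?:\+srv)?):\/\/([^\s:@\/'"]+):([^\s@\/'"]+)@([^\s\/'"?]+)/g;

// Return one finding per hard-coded credentialed URI. The password is never
// included in a finding, so scan output is safe to write to CI logs.
function findMongoUriSecrets(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    for (const m of line.matchAll(MONGO_URI_WITH_CREDS)) {
      const [, scheme, user, password, host] = m;
      // Skip template placeholders such as ${DB_PASS} or <password>.
      if (/^(\$\{.*\}|<.*>)$/.test(password)) continue;
      findings.push({
        line: idx + 1,
        user,
        host,
        redacted: `${scheme}://${user}:****@${host}`,
      });
    }
  });
  return findings;
}

// Read the URI from the environment (filled from a .env file by dotenv, or by
// the deployment platform) and fail closed when it is missing or malformed.
// MONGODB_URI is an assumed variable name.
function mongoUriFromEnv(env = process.env, key = "MONGODB_URI") {
  const uri = env[key];
  if (!uri || !/^mongodb(\+srv)?:\/\//.test(uri)) {
    throw new Error(`${key} is not set to a MongoDB URI`);
  }
  return uri;
}

// Constructed sample: line 2 hard-codes a credential, line 3 is a template.
const SAMPLE_SOURCE = [
  'const mongoose = require("mongoose");',
  'mongoose.connect("mongodb+srv://appuser:S3cr3tExample@cluster0.example.net/test");',
  'const uri = `mongodb://${DB_USER}:${DB_PASS}@localhost:27017/app`;',
  'const safe = process.env.MONGODB_URI;',
].join("\n");

console.log(findMongoUriSecrets(SAMPLE_SOURCE));
```

Run over staged files in a pre-commit hook or CI job, a non-empty result blocks the commit before the URI reaches the repository history.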