Exploiting CI / CD Pipelines for fun and profit

In the fast-paced world of development, security vulnerabilities can easily be overlooked. A recently discovered severe exploit chain, starting from a publicly exposed .git directory, led to a full server takeover. Many websites still expose their .git directories, which store sensitive information and credentials. By accessing the .git/config file, the author found credentials that allowed them to clone the entire repository. They then discovered that Bitbucket Pipelines was being used for deployment, and manipulated the pipeline configuration to add their SSH key and gain access to the server. This exploit chain serves as a warning to monitor SSH keys and never expose .git directories publicly.

https://blog.razzsecurity.com/2024/09/08/exploitation-research/exploiting-ci-cd-pipelines-for-fun-and-profit/
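
A defender-side check for the first link in this chain, added here as an example and not taken from the linked post: it scans the text of a .git/config for remote URLs that carry embedded credentials and reports them with the secret redacted. The function name, the sample config and the account and repository names in it are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample .git/config; the account name and secret are placeholders.
SAMPLE_CONFIG = """\
[core]
    repositoryformatversion = 0
    bare = false
[remote "origin"]
    url = https://deploy-bot:EXAMPLE-APP-PASSWORD@bitbucket.org/example-team/example-app.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = git@bitbucket.org:example-team/example-app.git
[branch "main"]
    remote = origin
"""

SECTION_RE = re.compile(r'^\[\s*([\w.-]+)(?:\s+"([^"]*)")?\s*\]$')
KEY_RE = re.compile(r'^([A-Za-z][\w-]*)\s*=\s*(.*)$')


def find_embedded_credentials(config_text):
    """Return one finding per remote URL that carries userinfo (user, password or token)."""
    findings = []
    section = name = None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = SECTION_RE.match(line)
        if header:
            section, name = header.group(1).lower(), header.group(2)
            continue
        pair = KEY_RE.match(line)
        if not pair or section != "remote" or pair.group(1).lower() not in ("url", "pushurl"):
            continue
        parts = urlsplit(pair.group(2).strip())
        # scp-style remotes (git@host:path) parse with an empty scheme: SSH key auth, no secret in the URL.
        if parts.scheme not in ("http", "https") or not (parts.username or parts.password):
            continue
        findings.append({
            "remote": name,
            "line": lineno,
            "has_password": parts.password is not None,
            # Never echo the secret into scanner output or logs.
            "redacted_url": f"{parts.scheme}://***@{parts.hostname}{parts.path}",
        })
    return findings
```

Run it over the config of every deployed checkout and build artifact; any finding means the credential should be rotated and the remote switched to a credential helper or a deploy key.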
