Warning
You have an exposed MongoDB cluster containing multiple databases in this repository.
Hey CharlieQLe, if you receive this issue, don't panic. I am a friendly automated script looking around the internet, and I just want to let you know that you have an exposed MongoDB cluster in your code.
I was able to connect and expose those databases from your cluster:
- Articles
- Datadb
- EventifyDB
- Gcloud
- HospitalDB
- ImageAItools
- Imagine
- MiniProjectsGIt
- NewDatabase
- Port
- Portfolio
- SceneMovie
- StitchHub
- Store
- SubjectAuth
- TESTING
- Testimonial
- Userdb
- Userdbs
- chatwithdocs
- coder
- dummy-image
- dummy1
- dummyimage
- finalImagetk
- flipkart
- fraud
- github1
- image
- info
- jaishree
- medtESTINGGitPros
- metESTINGGitPros
- pdtESTINGGitPros
- pollitup
- portdb
- portfolio-nextjs
- portfolio-starter
- portfolioDB
- portfolioTester
- projectp
- ptESTINGGitPros
- simple
- tESTINGGitPros
- test
- testPortfolio
- admin
- local
A malicious attacker could leak data and get credentials to your or people's services/system. Even if you know that no sensitive information is stored inside it, it is still very dangerous. I do not know what kind of information your databases hold, but a malicious attacker could easily dump all the content. Please make sure to follow these steps:
- Put your secrets in a .env file
- Use a library like dotenv to load the environment variables from your file into your code
- At this point, I would suggest either using GitHub's tool to erase the history, or you could delete the repos on GitHub, remove the .git folder locally and recreate a new repo with a clean history
In the future, make sure to not expose your secrets, especially your MongoDB URI, as it contains your username and password combination. Make sure to create a .env file and load your environment variables into your code accordingly.
If you like what I am doing for the community, please feel free to follow my GitHub account @GaillardTom
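A check a repository owner could run over source text before committing, together with the environment-variable lookup the steps above describe. This is an added example, not part of the original issue or of the script that posted it; the function names, the `MONGODB_URI` variable name and the sample source lines are assumptions constructed for illustration.

```javascript
// Added example; names and sample data are hypothetical / constructed.

// Matches mongodb:// and mongodb+srv:// URIs that embed user:password@host.
const MONGO_URI_WITH_CREDS =
  /(mongodb(?:\+srv)?):\/\/([^\s:@\/'"`]+):([^\s@\/'"`]+)@([^\s\/'"`?]+)/g;

// Report every hardcoded, credentialed MongoDB URI by line number.
// The password is redacted so the report itself is safe to log.
function findHardcodedMongoUris(sourceText) {
  const findings = [];
  sourceText.split(/\r?\n/).forEach((line, index) => {
    for (const match of line.matchAll(MONGO_URI_WITH_CREDS)) {
      const [, scheme, user, password, host] = match;
      // Placeholders such as <password> or ${DB_PASS} are not real secrets.
      if (/^<.*>$/.test(password) || /^\$\{.*\}$/.test(password)) continue;
      findings.push({
        line: index + 1,
        user,
        host,
        redacted: `${scheme}://${user}:****@${host}`,
      });
    }
  });
  return findings;
}

// Read the URI from the environment instead of the source tree. A loader
// such as dotenv fills process.env from a .env file that is listed in
// .gitignore. MONGODB_URI is an assumed variable name.
function getMongoUri(env = process.env) {
  const uri = env.MONGODB_URI;
  if (!uri) {
    throw new Error("MONGODB_URI is not set; refusing to fall back to a literal");
  }
  return uri;
}

// Constructed sample: line 2 is the pattern the issue warns about.
const SAMPLE_SOURCE = [
  'const mongoose = require("mongoose");',
  'mongoose.connect("mongodb+srv://appuser:S3cr3tPw@cluster0.example.net/test");',
  'const template = "mongodb+srv://<username>:<password>@cluster0.example.net";',
  "mongoose.connect(process.env.MONGODB_URI);",
].join("\n");

console.log(findHardcodedMongoUris(SAMPLE_SOURCE));
```

A finding in a file that was ever committed means the value is still in the repository history, which is why the last step above deals with the history and not only the current file.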