Details
-
Bug
-
Resolution: Fixed
-
Low
Description
There are different responses to requests for a nonexistent repo (404) vs. an existing, private repo (login page, possible access denied for authenticated and nonauthorized users). This allows anyone to probe for the existence of a private repository.