Yes, this vulnerability exists because most of the time when using a version-controlled system, developers host their repository in production. This is a very good chance for bounty hunters. Leaving these folders allows a penetration tester to download the entire source code.
After we get the...