A contractor for the Cybersecurity and Infrastructure Security Agency (CISA) inadvertently exposed highly sensitive administrative credentials and internal system details on a public GitHub repository for approximately six months, security researchers said.