diff --git a/artemis/reporting/modules/vcs/reporter.py b/artemis/reporting/modules/vcs/reporter.py
index 185d54d46..8f31fd0e1 100644
--- a/artemis/reporting/modules/vcs/reporter.py
+++ b/artemis/reporting/modules/vcs/reporter.py
@@ -69,7 +69,7 @@ def _create_reports_svn(task_result: Dict[str, Any], language: Language) -> List
 return [
 Report(
 top_level_target=get_top_level_target(task_result),
- target=repo_url,
+ target=db_url,
 report_type=VCSReporter.EXPOSED_VERSION_CONTROL_FOLDER_WITH_CREDENTIALS,
 additional_data={
 "config_url": db_url,
@@ -98,7 +98,7 @@ def _create_reports_svn(task_result: Dict[str, Any], language: Language) -> List
 return [
 Report(
 top_level_target=get_top_level_target(task_result),
- target=repo_url,
+ target=db_url,
 report_type=VCSReporter.EXPOSED_VERSION_CONTROL_FOLDER,
 additional_data={"config_url": db_url},
 timestamp=task_result["created_at"],
@@ -148,7 +148,7 @@ def _create_reports_git(task_result: Dict[str, Any], language: Language) -> List
 return [
 Report(
 top_level_target=get_top_level_target(task_result),
- target=repo_url,
+ target=config_url,
 report_type=VCSReporter.EXPOSED_VERSION_CONTROL_FOLDER_WITH_CREDENTIALS,
 additional_data={
 "config_url": repo_url,
@@ -161,7 +161,7 @@ def _create_reports_git(task_result: Dict[str, Any], language: Language) -> List
 report = Report(
 top_level_target=get_top_level_target(task_result),
- target=repo_url,
+ target=config_url,
 report_type=VCSReporter.EXPOSED_VERSION_CONTROL_FOLDER,
 additional_data={"config_url": config_url},
 timestamp=task_result["created_at"],
diff --git a/artemis/reporting/modules/vcs/template_exposed_version_control_folder.jinja2 b/artemis/reporting/modules/vcs/template_exposed_version_control_folder.jinja2
index 27f27cada..0f46bdfcc 100644
--- a/artemis/reporting/modules/vcs/template_exposed_version_control_folder.jinja2
+++ b/artemis/reporting/modules/vcs/template_exposed_version_control_folder.jinja2
@@ -17,5 +17,12 @@ Such data shouldn't be publicly available. {% endtrans %}
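Review bot: After `target=db_url,` the svn report carries the same URL twice — as `target` and as `additional_data["config_url"]` — and `repo_url`, the previous target, is not referenced on any visible line; if the rest of `_create_reports_svn` no longer reads it, remove the dead local, otherwise a short comment on the new line explaining why the report now targets the database file rather than the repository root would spare the next reader the question, e.g. `# target the exposed .svn database URL itself, not the repository root`. The `"config_url"` key presumably holds the `.svn` database URL here while the git variant below stores a different artefact under the same key — confirm the templates treat the value only as an opaque example URL. `_create_reports_svn` starts and ends outside this hunk.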
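Review bot: `target=config_url,` now disagrees with the `"config_url": repo_url,` entry three lines below it, while the sibling hunk at line 161 pairs `target=config_url` with `"config_url": config_url`; unless the credentials report intentionally points `additional_data` at the repository root, the key looks mislabeled and should read `"config_url": config_url,` (or be renamed to say what it actually holds). If the EXPOSED_VERSION_CONTROL_FOLDER_WITH_CREDENTIALS template renders `config_url` as the exposed file, the current value sends the recipient to a different URL than the one the report is about. `_create_reports_git` starts and ends outside this hunk.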
+
+ {% trans trimmed %}
+ Even if directory listing in a folder is not enabled, a repository may be cloned by an attacker.
+ We recommend making the whole version control folders (not only the example files listed above)
+ inaccessible for external usera.
+ {% endtrans %}
+
{% endif %}
diff --git a/artemis/reporting/modules/vcs/translations/en_US/LC_MESSAGES/messages.po b/artemis/reporting/modules/vcs/translations/en_US/LC_MESSAGES/messages.po
index 870d25fee..c059df269 100644
--- a/artemis/reporting/modules/vcs/translations/en_US/LC_MESSAGES/messages.po
+++ b/artemis/reporting/modules/vcs/translations/en_US/LC_MESSAGES/messages.po
@@ -9,6 +9,14 @@ msgid ""
 "gain unauthorized access. Such data shouldn't be publicly available."
 msgstr ""
+#: artemis/reporting/modules/vcs/template_exposed_version_control_folder.jinja2:21
+msgid ""
+"Even if directory listing in a folder is not enabled, a repository may be"
+" cloned by an attacker. We recommend making the whole version control "
+"folders (not only the example files listed above) inaccessible for "
+"external usera."
+msgstr ""
+
 #: artemis/reporting/modules/vcs/template_exposed_version_control_folder_with_credentials.jinja2:3
 msgid ""
 "The following addresses contain version control system data together with"
diff --git a/artemis/reporting/modules/vcs/translations/pl_PL/LC_MESSAGES/messages.po b/artemis/reporting/modules/vcs/translations/pl_PL/LC_MESSAGES/messages.po
index 847bb3a53..e4462874c 100644
--- a/artemis/reporting/modules/vcs/translations/pl_PL/LC_MESSAGES/messages.po
+++ b/artemis/reporting/modules/vcs/translations/pl_PL/LC_MESSAGES/messages.po
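Review bot: The added paragraph has a typo, `inaccessible for external usera.` should be `inaccessible for external users.`, and because that exact string is the msgid in both messages.po catalogs, the template and the catalogs have to be regenerated together or the new translation will silently stop matching. The security advice is right but could be more actionable: with listing disabled an attacker still reconstructs a git repository by walking `.git/index`, `packed-refs` and the object store, and a Subversion checkout from `.svn/wc.db` (or `.svn/entries` on older clients), so the remediation is to deny the entire `.git`/`.svn` directory at the web-server level or not deploy it at all, not to block the individual files listed. Suggested wording for the second sentence: `We recommend denying access to the entire .git/.svn directory at the web server level (or removing it from the web root), not only the example files listed above.` Note that the Polish translation already names `.git` and `.svn` explicitly while the English source does not; aligning the two would keep the catalogs faithful.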
@@ -15,6 +15,18 @@ msgstr ""
 "hasła czy klucze API - również uzyskanie nieuprawnionego dostępu. "
 "Rekomendujemy, aby tego typu dane nie były dostępne publicznie."
+#: artemis/reporting/modules/vcs/template_exposed_version_control_folder.jinja2:21
+msgid ""
+"Even if directory listing in a folder is not enabled, a repository may be"
+" cloned by an attacker. We recommend making the whole version control "
+"folders (not only the example files listed above) inaccessible for "
+"external usera."
+msgstr ""
+"Nawet, jeśli w katalogu .git czy .svn serwer nie wyświetla listy plików, "
+"pobranie repozytorium przez atakującego jest możliwe. Rekomendujemy, aby "
+"całe te foldery nie były dostępne, nie tylko przykładowe pliki "
+"repozytorium podane powyżej."
+
 #: artemis/reporting/modules/vcs/template_exposed_version_control_folder_with_credentials.jinja2:3
 msgid ""
 "The following addresses contain version control system data together with"