Description

Web applications must manage various secrets such as API keys, database credentials and/or cryptographic secrets. These secrets must be kept private for security but sometimes they are leaked via JavaScript files, error messages, etc.

It was identified that this page is leaking one or more secrets. Please consult the Details section for more information.

Remediation

It's recommended to revoke/change the leaked secrets and investigate and resolve the source of the leakage.

Secrets that are embedded in code can be accidentally exposed to the public. It's recommended to store them in environment variables or in files outside of your application's source tree.

References

Best practices for securely using API keys

Related Vulnerabilities

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3412)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.20)

phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3783)

Apache Tomcat examples directory vulnerabilities

Programming Error Messages

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure