Web applications must manage various secrets such as API keys, database credentials and/or cryptographic secrets. These secrets must be kept private for security but sometimes they are stored in unprotected (publicly accessible) configuration JSON files.

A JSON file was found that potentially contains secrets.
Please consult the Request and Details sections for more information.


It's recommended to revoke/change the leaked secrets and investigate and resolve the source of the leakage.

Secrets that are embedded in code can be accidentally exposed to the public. It's recommended to store them in environment variables or in files outside of your application's source tree.


Related Vulnerabilities