Description

Web applications must manage various secrets such as API keys, database credentials and/or cryptographic secrets. These secrets must be kept private for security but sometimes they are stored in unprotected (publicly accessible) configuration JSON files.

A JSON file was found that potentially contains secrets.
Please consult the Request and Details sections for more information.

Remediation

It's recommended to revoke/change the leaked secrets and investigate and resolve the source of the leakage.

Secrets that are embedded in code can be accidentally exposed to the public. It's recommended to store them in environment variables or in files outside of your application's source tree.

References

Best practices for securely using API keys

Related Vulnerabilities

Node.js Running in Development Mode

WordPress Plugin Acumbamail Information Disclosure (1.0.4)

Bitrix server test script publicly accessible

Spring Boot Actuator

WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure