'Exposure of confidential secret or token X token'
Description
The response body contains content that matches the pattern of an X secret access token was identified. An access secret are user-specific credentials used to authenticate OAuth 1.0a API requests. They specify the X account the request is made on behalf of. A malicious actor with access to this token can impersonate requests on behalf of a user. Exposing this value could allow attackers to gain access to all resources granted by this token.
Remediation
For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on Credential exposure to the internet.
Details
| ID | Aggregated | CWE | Type | Risk |
|---|---|---|---|---|
| 798.121 | false | 798 | Passive | High |