'Exposure of confidential secret or token GitLab feed token v2'
Description
The response body contains content that matches the pattern of a GitLab feed token was identified. Your feed token authenticates you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar. It is visible in those feed URLs. It cannot be used to access any other data. A malicious actor with access to this token can read your personalized RSS feed and issue RSS feeds to your calendar feed as if they were you. Exposing this value could allow attackers to gain access to all resources granted by this token.
Remediation
For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on Credential exposure to the internet.
To regenerate a feed token:
- Sign in to your GitLab account and access the User settings left-hand side menu, select "Access tokens"
- Under the "Feed token" section, select the "reset this token" link
- When prompted select "OK"
For more information, please see GitLabs documentation on feed tokens.
Details
| ID | Aggregated | CWE | Type | Risk |
|---|---|---|---|---|
| 798.147 | false | 798 | Passive | High |