'Exposure of confidential secret or token Discord client ID'
Description
The response body contains content that matches the pattern of a Discord client ID was identified. Client IDs are used in OAuth applications and are used in combination with a client secret. This value alone does not grant any access and must be used alongside the client secret value. Exposing this value could allow attackers to gain access to all resources granted by this token.
Remediation
For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on Credential exposure to the internet. You cannot revoke a Discord client ID. Instead you must generate an entire new Discord application.
For more information, please see Discord's documentation on OAuth.
Details
| ID | Aggregated | CWE | Type | Risk |
|---|---|---|---|---|
| 798.27 | false | 798 | Passive | High |