'Exposure of confidential secret or token Discord client secret'
Description
The response body contains content that matches the pattern of a Discord client secret. Exposing this value could allow attackers to gain access to all resources granted by this token.
Remediation
For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on Credential exposure to the internet.
To rotate a Discord client secret:
- Sign in and visit https://discord.com/developers/applications/.
- Select the application which the identified secret belongs to.
- Select the "OAuth 2" menu item in the left-hand side menu.
- Under the "Client information" section of the page, select "Reset Secret".
- When prompted, select "Yes, do it!".
For more information, please see Discord's documentation on OAuth.
Details
| ID | Aggregated | CWE | Type | Risk |
|---|---|---|---|---|
| 798.28 | false | 798 | Passive | High |