'Exposure of confidential secret or token LinkedIn client ID'
Description
The response body contains content that matches the pattern of a LinkedIn Client ID was identified. Client IDs are used in combination with a client secret. A malicious actor with access to this ID can impersonate the client application if they also have access to the client secret. Exposing this value could allow attackers to gain access to all resources granted by this token.
Remediation
For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on Credential exposure to the internet. Client IDs do not need to be revoked or regenerated. For more information, please see LinkedIn's documentation on API access.
Details
| ID | Aggregated | CWE | Type | Risk |
|---|---|---|---|---|
| 798.68 | false | 798 | Passive | High |