Business information leak - Repository
Description
JFrog Artifactory repositories are accessed, with credentials stored in the source code.
Impact
Access the repository with credentials obtained in the source code.
Recommendation
Establish the necessary controls to ensure that the information is accessible only to the indicated persons.
Threat
Internal attacker with access to source code.
Expected Remediation Time
⏱️ 30 minutes.
Requirements
176 - Restrict system objects177 - Avoid caching and temporary files261 - Avoid exposing sensitive information300 - Mask sensitive dataFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
A
Attack complexity
L
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
H
Integrity (VI)
L
Availability (VA)
N
Confidentiality (SC)
L
Integrity (SI)
L
Availability (SA)
L
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L