215 – Business information leak - Repository

Description

JFrog Artifactory repositories are accessed, with credentials stored in the source code.

Impact

Access the repository with credentials obtained in the source code.

Recommendation

Establish the necessary controls to ensure that the information is accessible only to the indicated persons.

Threat

Internal attacker with access to source code.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: A
• Attack complexity: L
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): H
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): L
• Integrity (SI): L
• Availability (SA): L

Threat 4.0

• Exploit maturity: X

Requirements

• 176 - Restrict system objects
• 177 - Avoid caching and temporary files
• 261 - Avoid exposing sensitive information
• 300 - Mask sensitive data

Last updated

2024/02/16