Sensitive information in source code - Git history
Description
Sensitive information such as usernames, service credentials or access tokens can be found in the git history.
Impact
Obtain sensitive information to compromise more resources or services.
Recommendation
- Remove the sensitive information from the Git history. - Change the compromised access credentials.
Threat
Authenticated user from Internet with access to the source code.
Expected Remediation Time
⏱️ 120 minutes.
Requirements
145 - Protect system cryptographic keys156 - Source code without sensitive information266 - Disable insecure functionalitiesFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
N
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
L
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:P