SYM_CONF_0011 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive information such as passwords, API keys, or tokens is being stored directly in Kubernetes configuration files. This makes secrets visible to anyone with access to the codebase or version control.
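The pattern described above, shown next to a form that keeps the value out of the file. This is an added illustration, not taken from the rule's own documentation; every name and value in it (`payments-api`, `DB_PASSWORD`, `payments-db`, the image reference) is a constructed placeholder.

```yaml
# Flagged pattern: the credential value is written into the manifest itself
# (constructed example).
apiVersion: v1
kind: Pod
metadata:
  name: payments-api-hardcoded
spec:
  containers:
    - name: app
      image: registry.example.com/payments-api:1.0   # placeholder image
      env:
        - name: DB_PASSWORD
          value: "EXAMPLE-not-a-real-password"       # literal secret ends up in version control
---
# Preferred pattern: the manifest only names a Secret and a key inside it.
# Assumption: a Secret called payments-db already exists in the namespace and
# was created outside the repository (secrets manager, or kubectl create secret).
apiVersion: v1
kind: Pod
metadata:
  name: payments-api
spec:
  containers:
    - name: app
      image: registry.example.com/payments-api:1.0   # placeholder image
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: payments-db    # Secret object holding the value
              key: password        # key within that Secret
```

A `Secret` manifest committed with its `data` or `stringData` fields filled in has the same problem, because base64 is an encoding and not encryption.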
Impact
If these files are leaked or accessed by unauthorized users, attackers can obtain credentials and gain access to critical systems or data. This could result in compromised infrastructure, data breaches, or unauthorized actions within your Kubernetes environment.