SYM_CONF_0303 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inclusion of Sensitive Information in Source Code
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-540: Inclusion of Sensitive Information in Source Code |
OWASP | A01:2021 - Broken Access Control |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
$VALUE Found a string literal assignment to a production Rails session secret in secrets.yaml. Do not commit secret values to source control! Any user in possession of this value may falsify arbitrary session data in your application. Read this value from an environment variable, KMS, or file on disk outside of source control.