SYM_GEN_0091 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A SonarQube Docs API key has been found directly in the codebase. Storing sensitive credentials like API keys in code makes them accessible to anyone with access to the repository.
Impact
If exposed, attackers can use the API key to access or manipulate your SonarQube instance, potentially leaking source code, project information, or altering code quality data. This can lead to data breaches, unauthorized actions, and loss of control over your code analysis environment.