SYM_GEN_0120 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Hard-coded Atlassian API tokens have been found in the source code. Storing credentials directly in code exposes them to anyone with repository access, increasing the risk of unauthorized use.
Impact
If attackers obtain these tokens, they can gain access to Atlassian services (like Jira or Confluence), potentially reading, modifying, or deleting sensitive company data. This could lead to data breaches, service disruption, or further compromise of internal systems.