SYM_GEN_0188 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Codecov access token was found hard-coded in the source code. Storing credentials directly in code makes them easy to expose and puts your secrets at risk if the codebase is shared or leaked.
Impact
If an attacker obtains this access token, they could gain unauthorized access to your Codecov account, potentially compromising sensitive data, modifying code coverage reports, or launching further attacks against your systems or CI/CD pipelines.