SYM_GEN_0207 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A GitHub fine-grained personal access token is hard-coded directly in the source code. Storing credentials in code makes them easy to accidentally expose or leak, especially if the repository is shared or made public.
Impact
If an attacker obtains this token, they could access or manipulate your GitHub resources as permitted by the token's scope. This could lead to unauthorized code changes, data theft, or further compromise of your organization's repositories.