SYM_GEN_0208 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Hard-coded Harness API keys were found in the source code. Storing credentials directly in code makes them easy to accidentally expose, especially if the code is shared or published.
Impact
If attackers obtain these API keys, they could gain unauthorized access to your Harness account and resources, potentially leading to data leaks, disruption of CI/CD pipelines, or misuse of your infrastructure. This could result in compromised systems and significant organizational risk.
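The kind of check the Description implies, as an added example that is not the rule's own regex or the project's code: it scans source text for embedded Harness keys and reports them redacted. The token shape in the pattern and the `HARNESS_API_KEY` variable name are assumptions, and the sample source is constructed.

```python
import re

# Assumed token shape, not taken from this page: "pat." or "sat." followed by
# three dot-separated alphanumeric segments. The rule's own regex is not shown.
HARNESS_KEY = re.compile(
    r"\b(pat|sat)\.[A-Za-z0-9_-]{6,}\.[A-Za-z0-9]{6,}\.[A-Za-z0-9]{6,}\b"
)

def scan(source):
    """Return (line number, redacted match) for each suspected embedded key."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for match in HARNESS_KEY.finditer(line):
            # Report only the token type so the scan output does not leak the key.
            findings.append((number, match.group(1) + ".<redacted>"))
    return findings

# Constructed sample: line 2 embeds a made-up key, line 3 reads it at runtime
# from a hypothetical environment variable.
SAMPLE = '''import os
API_KEY = "pat.EXAMPLEaccount0000.EXAMPLEtokenid0000.EXAMPLEsecret0000"
API_KEY = os.environ["HARNESS_API_KEY"]
headers = {"x-api-key": API_KEY}
'''

if __name__ == "__main__":
    for number, token in scan(SAMPLE):
        print(f"line {number}: hard-coded Harness key {token}")
```

Only the literal on line 2 of the sample is flagged; the environment lookup on line 3 is the form that keeps the key out of the repository.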