SYM_GEN_0213 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
Property | Value |
---|---|
Language | regex |
Severity | |
CWE | CWE-798: Use of Hard-coded Credentials |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
Sensitive Linear API client secrets have been found hard-coded directly in the source code. Storing credentials in code exposes them to anyone with access to the codebase, making them easily discoverable.
Impact
If these secrets are leaked, attackers could gain unauthorized access to your Linear account or data, potentially leading to data breaches, unauthorized actions, or compromise of other connected systems. This puts both your application's security and your organization's data integrity at risk.
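The following is an added example, not the SYM_GEN_0213 rule or any code from the Symbiotic project: a keyword-proximity regex check of the kind described above, run over constructed source lines, next to the remediated pattern of loading the secret at runtime. The regex, the assumed 32-character hex secret format, the function names and the `LINEAR_CLIENT_SECRET` variable name are all assumptions made for illustration.

```python
import os
import re

# ASSUMPTION: illustrative pattern, not the actual SYM_GEN_0213 regex. It flags a
# quoted 32-character hex literal assigned to a name that starts with "linear".
CANDIDATE = re.compile(
    r"""(?i)\blinear[a-z0-9_.\-]{0,25}['"]?\s*(?:=>|:=|=|:)\s*['"]([a-f0-9]{32})['"]"""
)

def scan(source: str) -> list[tuple[int, str]]:
    """Return (line number, redacted value) for each suspected hard-coded secret."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in CANDIDATE.finditer(line):
            value = match.group(1)
            if len(set(value.lower())) <= 2:  # e.g. all zeros: a placeholder
                continue
            findings.append((lineno, value[:4] + "****"))  # never echo the secret
    return findings

def load_client_secret(env_var: str = "LINEAR_CLIENT_SECRET") -> str:
    """Remediated form: read the secret at runtime and fail closed if it is absent."""
    secret = os.environ.get(env_var)
    if not secret:
        raise RuntimeError(f"{env_var} is not set")
    return secret

# Constructed sample input; the hex value is made up and is not a real credential.
SAMPLE = "\n".join([
    'LINEAR_CLIENT_ID = "my-app"',
    'LINEAR_CLIENT_SECRET = "3f9a1c0b7d2e4f68a5b9c1d0e7f23a46"',
    'linear_client_secret = os.environ["LINEAR_CLIENT_SECRET"]',
    'linear_secret: "' + "0" * 32 + '"',
    'checksum = "3f9a1c0b7d2e4f68a5b9c1d0e7f23a46"',
])

if __name__ == "__main__":
    for lineno, redacted in scan(SAMPLE):
        print(f"line {lineno}: possible Linear client secret {redacted}")
```

Only the literal assignment on line 2 of the sample is reported: the environment lookup, the all-zero placeholder and the unrelated `checksum` line are skipped, which illustrates why a keyword-plus-format regex carries a Low confidence level and still needs manual review.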