SYM_GEN_0253 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Travis CI access token appears to be hard-coded in the source code. Storing credentials directly in code exposes them to anyone with repository access and increases the risk of accidental leaks.
Impact
If an attacker obtains this token, they could access your Travis CI account, modify build configurations, access sensitive environment variables, or trigger builds. This could lead to unauthorized access, data leaks, or compromise of related systems.