Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Unprotected JSON file leaking secrets - Vulnerability Database

Unprotected JSON file leaking secrets

Description

Web applications must manage various secrets such as API keys, database credentials and/or cryptographic secrets. These secrets must be kept private for security but sometimes they are stored in unprotected (publicly accessible) configuration JSON files.

A JSON file was found that potentially contains secrets.
Please consult the Request and Details sections for more information.

Remediation

It's recommended to revoke/change the leaked secrets and investigate and resolve the source of the leakage. <br/><br/> Secrets that are embedded in code can be accidentally exposed to the public. It's recommended to store them in environment variables or in files outside of your application's source tree.

References

Best practices for securely using API keys

Related Vulnerabilities

Trace.axd Detected High
Common tags: Information Disclosure
WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1) High
Common tags: Information Disclosure
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3) High
Common tags: Information Disclosure
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4) High
Common tags: Information Disclosure
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0) High
Common tags: Information Disclosure

Severity

Medium

Classification

CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure