Add latest changes from gitlab-org/gitlab@master
parent
f7ccc56576
commit
58f103ba8f
|
@ -22,6 +22,7 @@ export default {
|
|||
deploymentFrequencyTabEvent: 'p_analytics_ci_cd_deployment_frequency',
|
||||
leadTimeTabEvent: 'p_analytics_ci_cd_lead_time',
|
||||
timeToRestoreServiceTabEvent: 'p_analytics_ci_cd_time_to_restore_service',
|
||||
changeFailureRateTabEvent: 'p_analytics_ci_cd_change_failure_rate',
|
||||
inject: {
|
||||
shouldRenderDoraCharts: {
|
||||
type: Boolean,
|
||||
|
@ -115,6 +116,7 @@ export default {
|
|||
<gl-tab
|
||||
:title="s__('DORA4Metrics|Change failure rate')"
|
||||
data-testid="change-failure-rate-tab"
|
||||
@click="trackTabClick($options.changeFailureRateTabEvent)"
|
||||
>
|
||||
<change-failure-rate-charts />
|
||||
</gl-tab>
|
||||
|
|
|
@ -73,12 +73,14 @@ function mountSidebarToDoWidget() {
|
|||
props: {
|
||||
fullPath: projectPath,
|
||||
issuableId:
|
||||
isInIssuePage() || isInDesignPage()
|
||||
isInIssuePage() || isInIncidentPage() || isInDesignPage()
|
||||
? convertToGraphQLId(TYPE_ISSUE, id)
|
||||
: convertToGraphQLId(TYPE_MERGE_REQUEST, id),
|
||||
issuableIid: iid,
|
||||
issuableType:
|
||||
isInIssuePage() || isInDesignPage() ? IssuableType.Issue : IssuableType.MergeRequest,
|
||||
isInIssuePage() || isInIncidentPage() || isInDesignPage()
|
||||
? IssuableType.Issue
|
||||
: IssuableType.MergeRequest,
|
||||
},
|
||||
}),
|
||||
});
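Review bot: The page test `isInIssuePage() || isInIncidentPage() || isInDesignPage()` is now written out twice inside `props`, once for `issuableId` and once for `issuableType`, so the next page type has to be added in both places. Evaluating it once before the object, `const isIssueLike = isInIssuePage() || isInIncidentPage() || isInDesignPage();`, and using `isIssueLike` in both ternaries would keep the GraphQL ID type and `issuableType` from drifting apart. The start of `mountSidebarToDoWidget` and the import of `isInIncidentPage` are outside this hunk, so the import is presumably added elsewhere in the file.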
|
||||
|
|
|
@ -39,6 +39,7 @@ class Projects::PipelinesController < Projects::ApplicationController
|
|||
track_redis_hll_event :charts, name: 'p_analytics_ci_cd_deployment_frequency', if: -> { should_track_ci_cd_deployment_frequency? }
|
||||
track_redis_hll_event :charts, name: 'p_analytics_ci_cd_lead_time', if: -> { should_track_ci_cd_lead_time? }
|
||||
track_redis_hll_event :charts, name: 'p_analytics_ci_cd_time_to_restore_service', if: -> { should_track_ci_cd_time_to_restore_service? }
|
||||
track_redis_hll_event :charts, name: 'p_analytics_ci_cd_change_failure_rate', if: -> { should_track_ci_cd_change_failure_rate? }
|
||||
|
||||
wrap_parameters Ci::Pipeline
|
||||
|
||||
|
@ -366,6 +367,10 @@ class Projects::PipelinesController < Projects::ApplicationController
|
|||
def should_track_ci_cd_time_to_restore_service?
|
||||
params[:chart] == 'time-to-restore-service'
|
||||
end
|
||||
|
||||
def should_track_ci_cd_change_failure_rate?
|
||||
params[:chart] == 'change-failure-rate'
|
||||
end
|
||||
end
|
||||
|
||||
Projects::PipelinesController.prepend_mod_with('Projects::PipelinesController')
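Review bot: `should_track_ci_cd_change_failure_rate?` is the fourth predicate in this class that only compares `params[:chart]` with a string literal, and each one depends on a matching `track_redis_hll_event` line in the first hunk, with nothing documenting the link between the two. A comment above the new method, for example `# 'change-failure-rate' is the chart value requested by the Change failure rate tab; keep in sync with the event name above`, would make that coupling visible (the origin of the value is inferred from the tab names, not shown here). The comparison is a plain equality against a constant, so any unexpected `chart` value simply does not match. The class body begins and the other predicates are defined outside this hunk.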
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
- group_path = root_url
|
||||
- group_path << parent.full_path + '/' if parent
|
||||
|
||||
= form_for '', url: import_gitlab_group_path, namespace: ('import_group' if Feature::enabled?(:group_name_path_vue, current_user)), class: 'group-form gl-show-field-errors', multipart: true do |f|
|
||||
= form_for '', url: import_gitlab_group_path, namespace: 'import_group', class: 'group-form gl-show-field-errors', multipart: true do |f|
|
||||
.gl-border-l-solid.gl-border-r-solid.gl-border-gray-100.gl-border-1.gl-p-5
|
||||
%h4
|
||||
= _('Import group from file')
|
||||
|
@ -13,38 +13,7 @@
|
|||
- docs_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('user/group/import/index.md') }
|
||||
- link_end = '</a>'.html_safe
|
||||
= s_('GroupsNew|This feature is deprecated and replaced by %{docs_link_start}group migration%{docs_link_end}.').html_safe % { docs_link_start: docs_link_start, docs_link_end: link_end }
|
||||
- if Feature::enabled?(:group_name_path_vue, current_user)
|
||||
= render 'shared/groups/group_name_and_path_fields', f: f
|
||||
- else
|
||||
.form-group.gl-display-flex.gl-flex-direction-column.gl-mt-5
|
||||
= f.label :name, _('New group name'), for: 'import_group_name'
|
||||
= f.text_field :name, placeholder: s_('GroupsNew|My Awesome Group'), class: 'js-autofill-group-name gl-form-input col-xs-12 col-sm-8',
|
||||
required: true,
|
||||
title: _('Please fill in a descriptive name for your group.'),
|
||||
autofocus: true,
|
||||
id: 'import_group_name'
|
||||
|
||||
.form-group.gl-display-flex.gl-flex-direction-column
|
||||
= f.label :import_group_path, _('New group URL'), for: 'import_group_path'
|
||||
.input-group.gl-field-error-anchor.col-xs-12.col-sm-8.gl-p-0
|
||||
.group-root-path.input-group-prepend.has-tooltip{ title: group_path, :'data-placement' => 'bottom' }
|
||||
.input-group-text
|
||||
%span
|
||||
= root_url
|
||||
- if parent
|
||||
%strong= parent.full_path + '/'
|
||||
= f.hidden_field :parent_id, value: parent&.id
|
||||
= f.text_field :path, placeholder: 'my-awesome-group', class: 'form-control js-validate-group-path js-autofill-group-path',
|
||||
id: 'import_group_path',
|
||||
required: true,
|
||||
pattern: Gitlab::PathRegex::NAMESPACE_FORMAT_REGEX_JS,
|
||||
title: group_url_error_message,
|
||||
maxlength: ::Namespace::URL_MAX_LENGTH,
|
||||
"data-bind-in" => "#{'create_chat_team' if Gitlab.config.mattermost.enabled}"
|
||||
%p.validation-error.gl-field-error.field-validation.hide
|
||||
= _("Group path is already taken. We've suggested one that is available.")
|
||||
%p.validation-success.gl-field-success.field-validation.hide= _('Group path is available.')
|
||||
%p.validation-pending.gl-field-error-ignore.field-validation.hide= _('Checking group path availability...')
|
||||
= render 'shared/groups/group_name_and_path_fields', f: f
|
||||
.form-group
|
||||
= f.label :file, s_('GroupsNew|Upload file')
|
||||
.gl-font-weight-normal
|
||||
|
|
|
@ -3,53 +3,4 @@
|
|||
- group_path << parent.full_path + '/' if parent
|
||||
|
||||
|
||||
- if Feature::enabled?(:group_name_path_vue, current_user)
|
||||
= render 'shared/groups/group_name_and_path_fields', f: f
|
||||
- else
|
||||
.row
|
||||
.form-group.group-name-holder.col-sm-12
|
||||
= f.label :name, class: 'label-bold' do
|
||||
= s_('Groups|Group name')
|
||||
= f.text_field :name, placeholder: _('My awesome group'), class: 'js-autofill-group-name form-control input-lg', data: { qa_selector: 'group_name_field' },
|
||||
required: true,
|
||||
title: s_('Groups|Enter a descriptive name for your group.'),
|
||||
autofocus: true
|
||||
.text-muted
|
||||
= s_('Groups|Must start with letter, digit, emoji, or underscore. Can also contain periods, dashes, spaces, and parentheses.')
|
||||
|
||||
.row
|
||||
.form-group.col-xs-12.col-sm-8
|
||||
= f.label :path, class: 'label-bold' do
|
||||
= s_('Groups|Group URL')
|
||||
.input-group.gl-field-error-anchor
|
||||
.group-root-path.input-group-prepend.has-tooltip{ title: group_path, :'data-placement' => 'bottom' }
|
||||
.input-group-text
|
||||
%span>= root_url
|
||||
- if parent
|
||||
%strong= parent.full_path + '/'
|
||||
= f.hidden_field :parent_id
|
||||
= f.text_field :path, placeholder: _('my-awesome-group'), class: 'form-control js-validate-group-path js-autofill-group-path', data: { qa_selector: 'group_path_field' },
|
||||
autofocus: local_assigns[:autofocus] || false, required: true,
|
||||
pattern: Gitlab::PathRegex::NAMESPACE_FORMAT_REGEX_JS,
|
||||
title: group_url_error_message,
|
||||
maxlength: ::Namespace::URL_MAX_LENGTH,
|
||||
"data-bind-in" => "#{'create_chat_team' if Gitlab.config.mattermost.enabled}"
|
||||
%p.validation-error.gl-field-error.field-validation.hide
|
||||
= s_('Groups|Group path is unavailable. Path has been replaced with a suggested available path.')
|
||||
%p.validation-success.gl-field-success.field-validation.hide= s_('Groups|Group path is available.')
|
||||
%p.validation-pending.gl-field-error-ignore.field-validation.hide= s_('Groups|Checking group URL availability...')
|
||||
|
||||
- if @group.persisted?
|
||||
.gl-alert.gl-alert-warning.gl-mt-3.gl-mb-3
|
||||
= sprite_icon('warning', size: 16, css_class: 'gl-icon gl-alert-icon gl-alert-icon-no-title')
|
||||
.gl-alert-body
|
||||
= s_('Groups|Changing group URL can have unintended side effects.')
|
||||
= succeed '.' do
|
||||
= link_to s_('Groups|Learn more'), help_page_path('user/group/index', anchor: 'change-a-groups-path'), target: '_blank', class: 'gl-link'
|
||||
|
||||
- if @group.persisted?
|
||||
.row
|
||||
.form-group.group-name-holder.col-sm-8
|
||||
= f.label :id, class: 'label-bold' do
|
||||
= s_('Groups|Group ID')
|
||||
= f.text_field :id, class: 'form-control', readonly: true
|
||||
= render 'shared/groups/group_name_and_path_fields', f: f
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
name: group_name_path_vue
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/88085
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/363623
|
||||
milestone: '15.1'
|
||||
type: development
|
||||
group: group::workspace
|
||||
default_enabled: true
|
|
@ -34,10 +34,12 @@ options:
|
|||
- p_analytics_ci_cd_deployment_frequency
|
||||
- p_analytics_ci_cd_lead_time
|
||||
- p_analytics_ci_cd_time_to_restore_service
|
||||
- p_analytics_ci_cd_change_failure_rate
|
||||
- g_analytics_ci_cd_release_statistics
|
||||
- g_analytics_ci_cd_deployment_frequency
|
||||
- g_analytics_ci_cd_lead_time
|
||||
- g_analytics_ci_cd_time_to_restore_service
|
||||
- g_analytics_ci_cd_change_failure_rate
|
||||
distribution:
|
||||
- ce
|
||||
- ee
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
key_path: redis_hll_counters.analytics.p_analytics_ci_cd_change_failure_rate_monthly
|
||||
name: p_analytics_ci_cd_change_failure_rate_monthly
|
||||
description: Count of unique visits to the project level CI/CD Analytics Change failure rate tab
|
||||
product_section: dev
|
||||
product_stage: manage
|
||||
product_group: optimize
|
||||
product_category:
|
||||
value_type: number
|
||||
status: active
|
||||
milestone: "15.2"
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91726
|
||||
time_frame: 28d
|
||||
data_source: redis_hll
|
||||
data_category: operational
|
||||
instrumentation_class: RedisHLLMetric
|
||||
performance_indicator_type: []
|
||||
distribution:
|
||||
- ce
|
||||
- ee
|
||||
tier:
|
||||
- premium
|
||||
- ultimate
|
||||
options:
|
||||
events:
|
||||
- p_analytics_ci_cd_change_failure_rate
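Review bot: `product_category:` has no value in this new metric definition, and the weekly definition that follows leaves it empty too, so both files load it as null. If the blank is intentional, a short comment such as `# product_category intentionally unset` would say so; otherwise the field should name the category. The two files also share the same `description`, so adding the time frame to each (28 days here, 7 days in the weekly file) would let a reader tell them apart.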
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
key_path: redis_hll_counters.analytics.p_analytics_ci_cd_change_failure_rate_weekly
|
||||
name: p_analytics_ci_cd_change_failure_rate_weekly
|
||||
description: Count of unique visits to the project level CI/CD Analytics Change failure rate tab
|
||||
product_section: dev
|
||||
product_stage: manage
|
||||
product_group: optimize
|
||||
product_category:
|
||||
value_type: number
|
||||
status: active
|
||||
milestone: "15.2"
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91726
|
||||
time_frame: 7d
|
||||
data_source: redis_hll
|
||||
data_category: operational
|
||||
instrumentation_class: RedisHLLMetric
|
||||
performance_indicator_type: []
|
||||
distribution:
|
||||
- ce
|
||||
- ee
|
||||
tier:
|
||||
- premium
|
||||
- ultimate
|
||||
options:
|
||||
events:
|
||||
- p_analytics_ci_cd_change_failure_rate
|
|
@ -387,8 +387,8 @@ Additional steps between the mentioned versions are possible. We list the minima
|
|||
|
||||
| Target version | Your version | Supported upgrade path | Note |
|
||||
| -------------- | ------------ | ---------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `15.1.0` | `14.6.2` | `14.6.2` -> `14.9.5` -> `14.10.4` -> `15.0.2` -> `15.1.0` | Three intermediate versions are required: `14.9` and `14.10`, `15.0`, then `15.1.0`. |
|
||||
| `15.0.0` | `14.6.2` | `14.6.2` -> `14.9.5` -> `14.10.4` -> `15.0.2` | Two intermediate versions are required: `14.9` and `14.10`, then `15.0.0`. |
|
||||
| `15.1.0` | `14.6.2` | `14.6.2` -> `14.9.5` -> `14.10.5` -> `15.0.2` -> `15.1.0` | Three intermediate versions are required: `14.9` and `14.10`, `15.0`, then `15.1.0`. |
|
||||
| `15.0.0` | `14.6.2` | `14.6.2` -> `14.9.5` -> `14.10.5` -> `15.0.2` | Two intermediate versions are required: `14.9` and `14.10`, then `15.0.0`. |
|
||||
| `14.6.2` | `13.10.2` | `13.10.2` -> `13.12.15` -> `14.0.12` -> `14.3.6` => `14.6.2` | Three intermediate versions are required: `13.12` and `14.0`, `14.3`, then `14.6.2`. |
|
||||
| `14.1.8` | `13.9.2` | `13.9.2` -> `13.12.15` -> `14.0.12` -> `14.1.8` | Two intermediate versions are required: `13.12` and `14.0`, then `14.1.8`. |
|
||||
| `13.12.15` | `12.9.2` | `12.9.2` -> `12.10.14` -> `13.0.14` -> `13.1.11` -> `13.8.8` -> `13.12.15` | Four intermediate versions are required: `12.10`, `13.0`, `13.1` and `13.8.8`, then `13.12.15`. |
|
||||
|
|
|
@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
|
||||
## Description
|
||||
|
||||
The {cookie_name} cookie was transmitted in a `Set-Cookie` header without the `HttpOnly` attribute set.
|
||||
The cookie was transmitted in a `Set-Cookie` header without the `HttpOnly` attribute set.
|
||||
To prevent JavaScript being able to access the cookie value - usually via `document.cookies` - all
|
||||
cookies that are used for authorization should have the `HttpOnly` attribute
|
||||
set.
|
||||
|
|
|
@ -32,4 +32,4 @@ information from the `X-Powered-By` header.
|
|||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/16.html)
|
||||
- [PHP `expose_php`](https://www.php.net/manual/en/ini.core.php#ini.expose-php)
|
||||
- [PHP expose_php](https://www.php.net/manual/en/ini.core.php#ini.expose-php)
|
||||
|
|
|
@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
|
||||
## Description
|
||||
|
||||
The target website returns AspNet headers and version information of this website. By
|
||||
The target website returns AspNet header(s) and version information of this website. By
|
||||
exposing these values attackers may attempt to identify if the target software is vulnerable to known
|
||||
vulnerabilities, or catalog known sites running particular versions to exploit in the future when a
|
||||
vulnerability is identified in the particular version.
|
||||
|
|
|
@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
|
||||
## Description
|
||||
|
||||
The target website returns AspNet headers along with version information of this website. By
|
||||
The target website returns AspNet header(s) along with version information of this website. By
|
||||
exposing these values attackers may attempt to identify if the target software is vulnerable to known
|
||||
vulnerabilities. Or catalog known sites running particular versions to exploit in the future when a
|
||||
vulnerability is identified in the particular version.
|
||||
|
|
|
@ -15,7 +15,7 @@ site.
|
|||
## Remediation
|
||||
|
||||
Follow the recommendations to determine if any actions are necessary to harden this `Content-Security-Policy-Report-Only`.
|
||||
After all alerts have been resolved, we recommended that this header be changed to `Content-Security-Policy`.
|
||||
After all alerts have been resolved, we recommend that this header be changed to `Content-Security-Policy`.
|
||||
|
||||
## Details
|
||||
|
||||
|
|
|
@ -9,17 +9,17 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
## Description
|
||||
|
||||
The application was found to return error data such as stack traces. Depending on the data contained within the error message,
|
||||
this information could be used by an attacker to conduct further attacks. While stack traces are helpful during development
|
||||
and debugging, they should not be presented to users when an error occurs.
|
||||
this information could be used by an attacker to conduct further attacks. While stack traces are helpful during development
|
||||
and debugging, they should not be presented to users when an error occurs.
|
||||
|
||||
## Remediation
|
||||
|
||||
Applications should handle exception conditions internally and map known failure types to error codes that can be displayed
|
||||
to a user. These error codes should be customized to the application and returned along with the relevant HTTP error code.
|
||||
|
||||
When an error occurs, the application identifies the error type or class, and displays a numerical value to the
|
||||
user. Requests should also be tracked so when a user is presented with an error code, it has a corresponding request ID.
|
||||
Support teams can then correlate the HTTP error, the customized error code, and the request ID in the log files to
|
||||
When an error occurs, the application identifies the error type or class, and displays a numerical value to the
|
||||
user. Requests should also be tracked so when a user is presented with an error code, it has a corresponding request ID.
|
||||
Support teams can then correlate the HTTP error, the customized error code, and the request ID in the log files to
|
||||
determine the root cause of the error without leaking details to the end user.
|
||||
|
||||
Example of returning customized errors:
|
||||
|
|
|
@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
|
||||
## Description
|
||||
|
||||
The {cookie_name} cookie was transmitted in a `Set-Cookie` response without the `Secure` attribute set.
|
||||
The cookie was transmitted in a `Set-Cookie` response without the `Secure` attribute set.
|
||||
To prevent sensitive cookie values being accidentally transmitted over clear-text HTTP we
|
||||
recommended that cookies are declared with the `Secure` attribute.
|
||||
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Adafruit API Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Adafruit API Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.1 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Asana Client Secret
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Asana Client Secret.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.10 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Sendbird Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Sendbird Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.100 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token SendGrid API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a SendGrid API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.101 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Sendinblue API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Sendinblue API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.102 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Sentry Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Sentry Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.103 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Shippo API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Shippo API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.104 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Shopify access token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Shopify access token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.105 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Shopify custom access token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Shopify custom access token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.106 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Shopify private app access token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Shopify private app access token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.107 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Shopify shared secret
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Shopify shared secret.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.108 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Slack token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Slack token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.109 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Atlassian API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Atlassian API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.11 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Slack Webhook
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Slack Webhook.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.110 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Stripe
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Stripe.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.111 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Square Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Square Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.112 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Squarespace Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Squarespace Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.113 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token SumoLogic Access ID
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a SumoLogic Access ID.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.114 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token SumoLogic Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a SumoLogic Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.115 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Travis CI Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Travis CI Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.116 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Twilio API Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Twilio API Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.117 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Twitch API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Twitch API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.118 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Twitter API Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Twitter API Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.119 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token AWS
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a AWS.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.12 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Twitter API Secret
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Twitter API Secret.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.120 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Twitter Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Twitter Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.121 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Twitter Access Secret
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Twitter Access Secret.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.122 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Twitter Bearer Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Twitter Bearer Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.123 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Typeform API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Typeform API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.124 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Yandex API Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Yandex API Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.125 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Yandex AWS Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Yandex AWS Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.126 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Yandex Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Yandex Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.127 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Zendesk Secret Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Zendesk Secret Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.128 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Bitbucket Client ID
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Bitbucket Client ID.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.13 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Bitbucket Client Secret
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Bitbucket Client Secret.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.14 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Bittrex Access Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Bittrex Access Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.15 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Bittrex Secret Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Bittrex Secret Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.16 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Beamer API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Beamer API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.17 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Codecov Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Codecov Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.18 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Coinbase Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Coinbase Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.19 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Adobe Client ID (OAuth Web)
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Adobe Client ID (OAuth Web).
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.2 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Clojars API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Clojars API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.20 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Confluent Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Confluent Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.21 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Confluent Secret Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Confluent Secret Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.22 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Contentful delivery API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Contentful delivery API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.23 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Databricks API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Databricks API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.24 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Datadog Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Datadog Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.25 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Discord API key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Discord API key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.26 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Discord client ID
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Discord client ID.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.27 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Discord client secret
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Discord client secret.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.28 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Doppler API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Doppler API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.29 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Adobe Client Secret
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Adobe Client Secret.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.3 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Dropbox API secret
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Dropbox API secret.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.30 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Dropbox long lived API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Dropbox long lived API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.31 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Dropbox short lived API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Dropbox short lived API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.32 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Droneci Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Droneci Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.33 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Duffel API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Duffel API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.34 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Dynatrace API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Dynatrace API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.35 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token EasyPost API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a EasyPost API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.36 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token EasyPost test API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a EasyPost test API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.37 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Etsy Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Etsy Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.38 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Facebook
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Facebook.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.39 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Age secret key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Age secret key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.4 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Fastly API key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Fastly API key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.40 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Finicity Client Secret
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Finicity Client Secret.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.41 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Finicity API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Finicity API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.42 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Flickr Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Flickr Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.43 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Finnhub Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Finnhub Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.44 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Finicity Public Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Finicity Public Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.45 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Flutterwave Secret Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Flutterwave Secret Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.46 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Flutterwave Encryption Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Flutterwave Encryption Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.47 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Frame.io API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Frame.io API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.48 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Freshbooks Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Freshbooks Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.49 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Airtable API Key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Airtable API Key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.5 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token GoCardless API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a GoCardless API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.50 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token GCP API key
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a GCP API key.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.51 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token GitHub Personal Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a GitHub Personal Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.52 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token GitHub OAuth Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a GitHub OAuth Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.53 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token GitHub App Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a GitHub App Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.54 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token GitHub Refresh Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a GitHub Refresh Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.55 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token GitLab Personal Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a GitLab Personal Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.56 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token Gitter Access Token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a Gitter Access Token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.57 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
stage: Secure
|
||||
group: Dynamic Analysis
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# Exposure of confidential secret or token HashiCorp Terraform user/org API token
|
||||
|
||||
## Description
|
||||
|
||||
The response body contains content that matches the pattern of a HashiCorp Terraform user/org API token.
|
||||
Exposing this value could allow attackers to gain access to all resources granted by this token.
|
||||
|
||||
## Remediation
|
||||
|
||||
Review the response body content and remove any exposed values.
|
||||
|
||||
## Details
|
||||
|
||||
| ID | Aggregated | CWE | Type | Risk |
|
||||
|:---|:--------|:--------|:--------|:--------|
|
||||
| 798.58 | false | 798 | Passive | High |
|
||||
|
||||
## Links
|
||||
|
||||
- [CWE](https://cwe.mitre.org/data/definitions/798.html)
|