Sensitive information in source code - Git history

Description

Sensitive information such as usernames, service credentials or access tokens can be found in the git history.

Impact

An attacker can obtain sensitive information and use it to compromise more resources or services.

Recommendation

  • Remove the sensitive information from the git history
  • Change the compromised access credentials
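Deleting a credential in a later commit does not remove it from the history, which is why both recommendations apply. The following added example (not part of the original page) scans `git log -p` output for secret-like lines added in any commit and reports whether a later commit removed them; the rule, the function name and the sample log are assumptions constructed for illustration.

```python
import re

RULES = {  # illustrative rule (assumption); real scanners ship far larger sets
    "credential-assignment": re.compile(
        r"(password|passwd|secret|token|api_?key)\w*\s*[:=]\s*['\"][^'\"]{6,}['\"]", re.I),
}

# Constructed, trimmed `git log -p` output (newest first): the password is
# "removed" by the later commit, but the commit that added it stays in history.
SAMPLE_LOG = '''\
commit 2222222222222222222222222222222222222222
    remove hardcoded password
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1 +1 @@
-DB_PASSWORD = "example-not-a-real-secret"
+DB_PASSWORD = os.environ["DB_PASSWORD"]
commit 1111111111111111111111111111111111111111
    add config
diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1 @@
+DB_PASSWORD = "example-not-a-real-secret"
'''

def scan_history(log_text):
    """Report every secret-like line added in any commit of a `git log -p` dump."""
    findings, removed, commit, path, in_hunk = [], {}, None, None, False
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit, in_hunk = line.split()[1], False
        elif line.startswith("diff --git "):
            in_hunk = False
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif line.startswith("@@"):
            in_hunk = True
        elif in_hunk and line[:1] in ("+", "-"):
            for rule, rx in RULES.items():
                m = rx.search(line[1:])
                if m and line[0] == "-":
                    removed[m.group(0)] = commit  # newest-first log: removal is seen first
                elif m:
                    findings.append({"rule": rule, "path": path, "introduced": commit,
                                     "removed_in": removed.get(m.group(0))})
    return findings
```

A finding with `removed_in` set is exactly the case this page describes: the value is gone from the current files yet still readable in the history, so it must be purged from the history and the credential changed.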

Threat

Authenticated user from the Internet with access to the source code.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: N
  • Attack complexity: L
  • Privileges required: L
  • User interaction: N
  • Scope: U
  • Confidentiality: L
  • Integrity: N
  • Availability: N

Temporal

  • Exploit code maturity: P
  • Remediation level: U
  • Report confidence: C

Result

  • Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C
  • Score:
    • Base: 4.3
    • Temporal: 4.1
  • Severity:
    • Base: Medium
    • Temporal: Medium

Requirements