Exposure of confidential secret or token Artifactory Identity Token

Description

The response body contains content that matches the pattern of an Artifactory Identity Token was identified. An Artifactory Identity Token allows authentication to access repositories, download artifacts, upload artifacts, and execute privileged operations within JFrog Artifactory based on the token’s assigned permissions. If leaked, a malicious actor could use this token to steal proprietary code, inject compromised dependencies into the software supply chain, or potentially gain unauthorized access to connected CI/CD systems that rely on Artifactory for builds. Exposing this value could allow attackers to gain access to all resources granted by this token.

Remediation

For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on Credential exposure to the internet.

Details

Links

• CWE