Exposure of confidential secret or token PGP private key

Description

The response body contains content that matches the pattern of a PGP private key was identified. PGP private keys are used to encrypt and decrypt messages. A malicious actor with access to this key can encrypt and decrypt all past and future messages. Note that past messages encrypted using this key should be considered compromised, and new messages cannot be considered trusted. Exposing this value could allow attackers to gain access to all resources granted by this token.

Remediation

For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on Credential exposure to the internet. PGP keys cannot be rotated, a new key must be created. For more information, please see GnuPG’s documentation on generating keys

Details

Links

• CWE