Exposure of confidential secret or token Fastly API user or automation token

Description

The response body contains content that matches the pattern of a Fastly API user or automation token was identified. Fastly API tokens can grant read write or read only access depending on how they are configured. Exposing this value could allow attackers to gain access to all resources granted by this token.

Remediation

For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on Credential exposure to the internet.

To revoke an API token:

Sign in to the Fastly web interface at https://manage.fastly.com/account
Go to “Account” and then “API Tokens” in the left hand menu
Find the token you want to delete and note any details about its scope.
When ready, select the trash icon
When prompted select “Delete”

For more information, please see Fastly’s documentation on Using API Tokens.

Details

ID	Aggregated	CWE	Type	Risk
798.40	false	798	Passive	High

Exposure of confidential secret or token Fastly API user or automation token

Description

Remediation

Details

Links