Description
Sensitive data disclosure occurs when confidential information such as API tokens, access keys, secrets, or credentials is exposed in publicly accessible content. It can happen through HTML, JavaScript bundles, error messages, source comments, or configuration files served by the web server. Anything delivered to the browser is readable by every visitor, so an exposed credential may allow attackers to gain unauthorized access to the systems or services it protects.
Recommendation
First of all, revoke and rotate the exposed secret: treat it as compromised from the moment it was published, and check the affected service's audit logs for any use of it. Then remove it from the content that exposed it and from version-control history, since deleting it from the current revision alone leaves it recoverable. Scan and monitor code, configuration files, and web content to detect and remove sensitive data. Use environment variables or a secrets management tool for handling credentials. Never hardcode secrets in source files or ship them in client-side code; a secret the browser needs is not a secret. Add secret scanning to your development pipeline (pre-commit hooks and CI) to catch leaks before deployment.
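As an added example (not code from the original page), the following scanner implements the detection step above and the environment-variable fix. The AWS access key ID prefix (AKIA plus 16 characters) and the GitHub personal access token prefix (ghp_ plus 36 characters) are publicly documented formats; the generic assignment rule, the entropy threshold, the sample inputs, and the SERVICE_API_KEY variable name are assumptions made for this example.

```python
import math
import os
import re
from dataclasses import dataclass

# Token formats to look for. The AWS and GitHub prefixes are publicly
# documented; the generic assignment rule is an assumption for this example.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password|passwd)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Generic matches must look random before they are reported; this threshold
# (bits per character) is an assumption chosen to drop obvious placeholders.
ENTROPY_THRESHOLD = 3.5


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep a 4-character prefix so the scan report does not leak the secret."""
    return value[:4] + "*" * max(0, len(value) - 4)


@dataclass(frozen=True)
class Finding:
    source: str
    line_no: int
    rule: str
    redacted: str


def scan_text(source: str, text: str) -> list:
    """Return one Finding per credential-looking value in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                # For the generic rule the secret is the second capture group;
                # the format-specific rules match the whole token.
                value = m.group(2) if rule == "generic_assignment" else m.group(0)
                if rule == "generic_assignment" and shannon_entropy(value) < ENTROPY_THRESHOLD:
                    continue  # placeholder such as "changeme", not a real secret
                findings.append(Finding(source, line_no, rule, redact(value)))
    return findings


def load_api_key_from_env(name: str = "SERVICE_API_KEY") -> str:
    """The fix: read the credential from the environment, never from source.

    Fails closed when the variable is missing instead of falling back to a
    default baked into the code. The variable name is an assumption.
    """
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set; refusing to start without a credential")
    return value


# Constructed sample inputs (not captured from any real site). The AWS value is
# the placeholder key from AWS's own documentation; the GitHub token is made up.
SAMPLE_JS = """\
// bundle.js
const cfg = { api_key: "changeme", region: "eu-west-1" };
const AWS_KEY = "AKIAIOSFODNN7EXAMPLE";
fetch("/api", { headers: { Authorization: "Bearer ghp_0123456789abcdefghijklmnopqrstuvwxyz" } });
"""

SAMPLE_CONFIG = """\
[service]
password = "9f3a7c2e4b1d8a6f0e5c3b9a7d2f4e1c"
debug = false
"""


def scan_samples() -> list:
    """Scan both constructed samples; used by the demo below."""
    return scan_text("bundle.js", SAMPLE_JS) + scan_text("app.ini", SAMPLE_CONFIG)


if __name__ == "__main__":
    for f in scan_samples():
        print(f"{f.source}:{f.line_no} {f.rule} {f.redacted}")
```

Running the block reports the AWS key and the GitHub token in bundle.js and the high-entropy password in app.ini, while the "changeme" placeholder is dropped by the entropy check. In a pipeline the same function would be run over the build output (the files actually served), not only over the source tree, because bundlers routinely inline configuration into client-side JavaScript.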
References
- GitHub: Secret scanning
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-522: Insufficiently Protected Credentials
- CWE-798: Use of Hard-coded Credentials
- CAPEC-118: Collect and Analyze Information
- OWASP Top 10 2021: A01 Broken Access Control
- OWASP Top 10 2021: A02 Cryptographic Failures
- OWASP Top 10 2021: A04 Insecure Design
- OWASP Top 10 2021: A05 Security Misconfiguration
- OWASP Top 10 2021: A07 Identification and Authentication Failures
Related Issues
- X-Powered-By Header Found - Vulnerability
- Server Version Disclosure - Vulnerability
- Apache Version Disclosure - Vulnerability
- Old/Backup Resource Found - Vulnerability
Tags
- Information Disclosure
- Sensitive Data Exposure
- API Security