Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Slack webhook URL has been found in the code, which exposes a secret endpoint that can be used to send messages to your Slack workspace. Hardcoding such webhooks in code can lead to unauthorized access if the code is leaked or shared.
Impact
If an attacker obtains this webhook URL, they can send arbitrary messages to your Slack channels, potentially causing spam, disrupting communication, or leaking sensitive information. This can harm your team’s trust in the platform and may lead to reputational or operational damage.
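A regex check for the hard-coded webhook described above, run over a flagged snippet and over its remediated form that reads the URL from the environment. This is an added example, not the rule's own pattern or code: the regex is an assumed approximation of the Slack incoming-webhook URL shape, the `SLACK_WEBHOOK_URL` variable name is hypothetical, and the sample URL is constructed from placeholder values.

```python
import re

# Assumed approximation of the Slack incoming-webhook URL shape
# (hooks.slack.com/services/T.../B.../<token>); not the rule's own pattern.
WEBHOOK_RE = re.compile(
    r"https://hooks\.slack\.com/services/"
    r"(T[A-Za-z0-9_]{8,})/(B[A-Za-z0-9_]{8,})/([A-Za-z0-9_]{24,})"
)

def redact(match):
    """Keep the first two path segments for triage, mask the final secret segment."""
    first, second, token = match.groups()
    return f"https://hooks.slack.com/services/{first}/{second}/{'*' * len(token)}"

def find_webhooks(source):
    """Return (line_number, redacted_url) for each hard-coded webhook URL."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in WEBHOOK_RE.finditer(line):
            # Report the redacted form so the scanner output does not
            # become a second copy of the secret.
            findings.append((lineno, redact(m)))
    return findings

# Constructed sample input: placeholder IDs and token, not a real webhook.
FAKE_URL = "https://hooks.slack.com/services/" + "T00000000/B00000000/" + "X" * 24

# Flagged form: the webhook URL is a string literal in the source.
HARDCODED = f'''import requests
WEBHOOK = "{FAKE_URL}"
requests.post(WEBHOOK, json={{"text": "deploy done"}})
'''

# Remediated form: the URL is supplied at runtime (variable name is hypothetical).
FROM_ENV = '''import os, requests
WEBHOOK = os.environ["SLACK_WEBHOOK_URL"]
requests.post(WEBHOOK, json={"text": "deploy done"})
'''

if __name__ == "__main__":
    for name, src in (("hardcoded", HARDCODED), ("from_env", FROM_ENV)):
        print(name, find_webhooks(src))
```

A webhook that was ever committed stays in version-control history, so moving it to the environment should be paired with revoking the old URL in Slack and issuing a new one.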