Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Bitbucket client IDs (credentials) have been found hard-coded in the source code. Storing secrets directly in code makes them easy to accidentally leak or expose to unauthorized users.
Impact#
If these credentials are discovered, attackers could gain unauthorized access to Bitbucket resources, potentially leading to data breaches, code theft, or manipulation of repositories. This can compromise the security and integrity of your application and organization.