Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Hard-coded Harness API keys were found in the source code. Storing credentials directly in code makes them easy to accidentally expose, especially if the code is shared or published.
Impact#
If attackers obtain these API keys, they could gain unauthorized access to your Harness account and resources, potentially leading to data leaks, disruption of CI/CD pipelines, or misuse of your infrastructure. This could result in compromised systems and significant organizational risk.