Exposure of Sensitive Information to an Unauthorized Actor in cjferna/photo-services-mashup
Feb 4th 2022
Vulnerable URL: https://github.com/cjferna/Photo-Services-Mashup/blob/fdc12e0671e035bac00cc46ee67d456540444460/src/es/um/taw/rest/imagga/Imagga.java
It contains sensitive API Keys and secret keys.
Proof of Concept
private final String URL = "https://api.imagga.com/v1/tagging";
private final String API_KEY = "acc_d3a72c1921822a1";
private final String API_SECRET = "afeade1da6cb5bd2e762c75369cacdb5";

// PoC.js
var payload = ...
This vulnerability is capable of...
We are processing your report and will contact the cjferna/photo-services-mashup team within 24 hours. a year ago
We have contacted a member of the cjferna/photo-services-mashup team and are waiting to hear back a year ago
commented a year ago
Code has been fixed and the keys published have been withdrawn.
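One way to keep such credentials out of source control, as an added example that is not the project's own code or its actual fix: the key and secret are read at runtime and the class fails closed when either is missing. The class name, the environment variable names IMAGGA_API_KEY and IMAGGA_API_SECRET, and the use of HTTP Basic authentication are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;

/** Added example: API credentials supplied at runtime instead of compiled into the class. */
public final class ImaggaCredentials {
    // Hypothetical variable names, chosen for this example.
    static final String KEY_VAR = "IMAGGA_API_KEY";
    static final String SECRET_VAR = "IMAGGA_API_SECRET";

    private final String apiKey;
    private final String apiSecret;

    private ImaggaCredentials(String apiKey, String apiSecret) {
        this.apiKey = apiKey;
        this.apiSecret = apiSecret;
    }

    /** Production callers pass System.getenv(); taking a map keeps the loader testable. */
    static ImaggaCredentials fromEnvironment(Map<String, String> env) {
        return new ImaggaCredentials(require(env, KEY_VAR), require(env, SECRET_VAR));
    }

    private static String require(Map<String, String> env, String name) {
        String value = env.get(name);
        if (value == null || value.trim().isEmpty()) {
            // Name the missing variable, never echo a value.
            throw new IllegalStateException("Missing required environment variable " + name);
        }
        return value.trim();
    }

    /** Authorization header value, assuming Basic auth with the key as user and the secret as password. */
    String basicAuthHeader() {
        byte[] pair = (apiKey + ":" + apiSecret).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    /** Redacted so the secret cannot reach logs through string concatenation. */
    @Override
    public String toString() {
        return "ImaggaCredentials[<redacted>]";
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        ImaggaCredentials c = fromEnvironment(Map.of(KEY_VAR, "acc_example", SECRET_VAR, "example-secret"));
        System.out.println(c + " header set: " + c.basicAuthHeader().startsWith("Basic "));
    }
}
```

Moving the values out of the source does not remove them from the repository history, so withdrawing the published keys, as the maintainer reports doing, is the step that actually closes the exposure.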