Closed github-actions[bot] closed 4 years ago
View the following link to download the report. RunnerID:152816769
View the following link to download the report. RunnerID:154175659
View the following link to download the report. RunnerID:155269510
View the following link to download the report. RunnerID:155280252
View the following link to download the report. RunnerID:159573018
View the following link to download the report. RunnerID:159580946
View the following link to download the report. RunnerID:159588409
View the following link to download the report. RunnerID:159613988
View the following link to download the report. RunnerID:159718644
View the following link to download the report. RunnerID:159736293
View the following link to download the report. RunnerID:167413953
View the following link to download the report. RunnerID:167423064
View the following link to download the report. RunnerID:167462912
View the following link to download the report. RunnerID:167472015
View the following link to download the report. RunnerID:171228700
View the following link to download the report. RunnerID:171535099
View the following link to download the report. RunnerID:171623942
Site: https://get-teacher-training-adviser-service-dev.london.cloudapps.digital
New Alerts
Trace.axd Information Leak [40029] total: 1:
Resolved Alerts
Content-Type Header Missing [10019] total: 4:
Ignored Alerts
View the following link to download the report. RunnerID:172465049
View the following link to download the report. RunnerID:175450573
View the following link to download the report. RunnerID:175518109
View the following link to download the report. RunnerID:175746690
View the following link to download the report. RunnerID:176850597
View the following link to download the report. RunnerID:177021168
View the following link to download the report. RunnerID:177215263
Hi! I'm a security researcher @TruffleSecurity. I found a valid API key leaked in a comment in this Issue. I highly recommend rotating the API key immediately (not just deleting the comment). Here's a blog post I wrote on remediating these types of vulnerabilities: https://trufflesecurity.com/blog/remediate-leaked-api-keys-with-key-rotation.
If you can't find the leaked API key, you can use the following TruffleHog command to automatically scan for it:
trufflehog github --repo https://github.com/<your_username>/<your_reponame> --issue-comments --only-verified
If it's not clear where/what the security issue is, please let me know. I'd be happy to help. Please note that the API key might be in the past edit of a comment.
Site: https://get-teacher-training-adviser-service-dev.london.cloudapps.digital
New Alerts
Trace.axd Information Leak [40029] total: 1:
Ignored Alerts
View the following link to download the report. RunnerID:152672204