51 lines
1.5 KiB
Plaintext
51 lines
1.5 KiB
Plaintext
include::../../../shared_content/secrets/description.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
|
|
|
Attackers with access to an Artifactory API key will be able to use this API
|
|
with all the permissions the corresponding user has been granted with.
|
|
|
|
=== What is the potential impact?
|
|
|
|
The consequences vary depending on the compromised account entitlement but can
|
|
range from proprietary information leaks to severe supply chain attacks.
|
|
|
|
include::../../../shared_content/secrets/impact/data_compromise.adoc[]
|
|
|
|
In the case of Artifactory repositories, if they contain private code or
|
|
software, attackers will be able to steal those. They could use this software
|
|
for their own use, to look for further exploitable vulnerability, or disclose it
|
|
publicly, with or without asking for a ransom.
|
|
|
|
include::../../../shared_content/secrets/impact/supply_chain_attack.adoc[]
|
|
|
|
== How to fix it
|
|
|
|
include::../../../shared_content/secrets/fix/revoke.adoc[]
|
|
|
|
include::../../../shared_content/secrets/fix/recent_use.adoc[]
|
|
|
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
|
|
|
=== Code examples
|
|
|
|
:example_secret: AKCp8vLnDPZeVA29WylUNdaT54Pg2E9rx8gJWfbPCw2Wsb0UCAEmimIPFscGbJPYEUhXVBCRQ
|
|
:example_name: artifactory_token
|
|
:example_env: ARTIFACTORY_TOKEN
|
|
|
|
include::../../../shared_content/secrets/examples.adoc[]
|
|
|
|
//=== How does this work?
|
|
|
|
//=== Pitfalls
|
|
|
|
//=== Going the extra mile
|
|
|
|
== Resources
|
|
|
|
include::../../../shared_content/secrets/resources/standards.adoc[]
|
|
|
|
//=== Benchmarks
|