| Details | |
|---|---|
| Alert ID | 100043-2 |
| Alert Type | Script Active |
| Status | alpha |
| Risk | High |
| CWE | 522 |
| WASC | |
| Technologies Targeted | All |
| Tags | API_2023_API9 CWE-522 OWASP_2017_A06 OWASP_2021_A05 OWASP_2025_A02 POLICY_API POLICY_PENTEST |
| More Info | Scan Rule Help |

Summary
Swagger UI endpoint exposes sensitive secrets such as client secrets, API keys, or OAuth tokens. These secrets may be accessible in the HTML source and should not be exposed publicly, as this can lead to compromise.
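
To check your own Swagger UI pages for this exposure before they ship, the following added example (not the scan rule's own code) scans served HTML for credential-bearing configuration keys and reports them with the value redacted. The key list, the placeholder patterns, and the sample page are assumptions constructed for illustration.

```python
import re

# Assumed key names: clientSecret is a Swagger UI initOAuth option; the rest are
# common spellings for API keys and OAuth tokens in inline config.
SECRET_KEYS = ("clientSecret", "client_secret", "apiKey", "api_key",
               "accessToken", "access_token")

# Matches  key: "value"  or  "key": 'value'  in inline script or JSON config.
_PAIR = re.compile(
    r"""(?<![A-Za-z0-9_])["']?(?P<key>%s)["']?\s*[:=]\s*(?P<q>["'])(?P<val>.*?)(?P=q)"""
    % "|".join(SECRET_KEYS),
    re.IGNORECASE,
)

# Empty values and documentation placeholders are not live credentials.
_PLACEHOLDER = re.compile(
    r"^(|your[-_ ].*|changeme|example|x+|\*+|<.*>|\$\{.*\}|\{\{.*\}\})$",
    re.IGNORECASE,
)

def looks_like_swagger_ui(html):
    """Cheap fingerprint so unrelated pages are not flagged."""
    return bool(re.search(r"swagger-ui|SwaggerUIBundle", html, re.IGNORECASE))

def redact(value):
    """Keep two characters for triage; never log the full secret."""
    return value[:2] + "*" * max(len(value) - 2, 0)

def find_exposed_secrets(html):
    """Return [(key, redacted_value)] for non-placeholder secrets in a Swagger UI page."""
    if not looks_like_swagger_ui(html):
        return []
    findings = []
    for m in _PAIR.finditer(html):
        value = m.group("val").strip()
        if not _PLACEHOLDER.match(value):
            findings.append((m.group("key"), redact(value)))
    return findings

# Constructed sample page; the secret value is fake.
SAMPLE_HTML = """<html><body><div id="swagger-ui"></div><script>
const ui = SwaggerUIBundle({ url: "/v3/api-docs", dom_id: "#swagger-ui" });
ui.initOAuth({ clientId: "demo-app",
  clientSecret: "CONSTRUCTED-not-a-real-secret" });
const cfg = { apiKey: "YOUR_API_KEY" };
</script></body></html>"""

if __name__ == "__main__":
    for key, value in find_exposed_secrets(SAMPLE_HTML):
        print(f"exposed {key}: {value}")
```

Any hit means the credential has already been served to clients, so rotate it and move it to server-side configuration rather than only removing it from the page.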