'Exposure of confidential secret or token Shopify personal access token'
Description
The response body contains content that matches the pattern of a Shopify personal access token was identified. Access tokens can be given restricted scopes or be given full access to all store data. A malicious actor who gained access to this token could be able to read or modify store data. Exposing this value could allow attackers to gain access to all resources granted by this token.
Remediation
For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on Credential exposure to the internet. Access tokens cannot be revoked, you must uninstall and reinstall the application. Please see Shopify's documentation for more details.
Details
| ID | Aggregated | CWE | Type | Risk |
|---|---|---|---|---|
| 798.105 | false | 798 | Passive | High |